Commit graph

2784 commits

Author SHA1 Message Date
Richard Levitte
1e11df0dc3 Make sure aep_close_connection() is declared and has a prototype that's
consistent with the rest of the AEP functions
2002-02-28 12:59:03 +00:00
Richard Levitte
7d68189d8a Make sure aep_close_connection() is declared and has a prototype that's
consistent with the rest of the AEP functions
2002-02-28 12:58:43 +00:00
Richard Levitte
421d474332 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:44:05 +00:00
Richard Levitte
26414ee013 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:42:19 +00:00
Richard Levitte
58060fa11b Updated AEP engine, submitted by Diarmuid O'Neill <Diarmuid.ONeill@aep.ie> 2002-02-28 11:37:35 +00:00
Richard Levitte
5c62f68e14 Updated AEP engine, submitted by Diarmuid O'Neill <Diarmuid.ONeill@aep.ie> 2002-02-28 11:36:38 +00:00
Bodo Möller
59dbdb51dc disable '#ifdef DEBUG' sections 2002-02-28 10:51:56 +00:00
Geoff Thorpe
92d1bc09cb This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
Gittens.
2002-02-27 22:55:28 +00:00
Geoff Thorpe
6d1a837df7 This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
Gittens.
2002-02-27 22:45:48 +00:00
Dr. Stephen Henson
b12540520d Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up. 2002-02-26 19:33:24 +00:00
Dr. Stephen Henson
bb9dcc99cf Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up. 2002-02-26 19:32:16 +00:00
Richard Levitte
0d7b9b8b7e make update, after moving around symbols in libeay.num to match
0.9.7-stable.
2002-02-26 14:41:29 +00:00
Richard Levitte
3d59821134 make update 2002-02-26 14:37:25 +00:00
Dr. Stephen Henson
e36e473859 Make the engine config module always add dynamic ENGINEs
to the list using dynamic_path. This stops ENGINEs which
don't supply any default algorithms being automatically
freed (because they have no references) and allows them
to be accessed by id.

Alternative dynamic loading behaviour can be achieved by
issuing the dynamic ENGINE ctrls separately in the config file.
2002-02-24 16:22:20 +00:00
Dr. Stephen Henson
4a3e6bce79 Make the engine config module always add dynamic ENGINEs
to the list using dynamic_path. This stops ENGINEs which
don't supply any default algorithms being automatically
freed (because they have no references) and allows them
to be accessed by id.

Alternative dynamic loading behaviour can be achieved by
issuing the dynamic ENGINE ctrls separately in the config file.
2002-02-24 16:20:50 +00:00
Dr. Stephen Henson
a3829cb720 Updates from stable branch. 2002-02-23 13:50:29 +00:00
Dr. Stephen Henson
d7fb66aa82 Remove old comment 2002-02-23 13:43:07 +00:00
Dr. Stephen Henson
344b3b5ce1 OPENSSL_LOAD_CONF define as in main trunk 2002-02-23 02:09:29 +00:00
Dr. Stephen Henson
3f7cf29124 Update from main branch. 2002-02-23 01:47:59 +00:00
cvs2svn
63dc69fef6 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2002-02-23 01:00:45 +00:00
Dr. Stephen Henson
e84be9b495 New OPENSSL_LOAD_CONF define to load openssl.cnf
when OpenSSL_add_all_algorithms() is called.
2002-02-23 01:00:44 +00:00
Dr. Stephen Henson
3208ff58ca make errors 2002-02-22 21:17:31 +00:00
Dr. Stephen Henson
6707d22a40 Update from stable branch. 2002-02-22 14:07:35 +00:00
Dr. Stephen Henson
3647bee263 Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 14:01:21 +00:00
Dr. Stephen Henson
0cd8572b2d Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 13:58:15 +00:00
Bodo Möller
de603b75fc disable '#ifdef DEBUG' sections 2002-02-21 14:08:47 +00:00
Bodo Möller
3e563bcea7 disable '#ifdef DEBUG' sections 2002-02-21 13:07:44 +00:00
Bodo Möller
1244be2eda disable '#ifdef DEBUG' sections 2002-02-21 13:00:45 +00:00
Dr. Stephen Henson
92f91ff48b Config file updates from stable branch 2002-02-21 00:54:54 +00:00
Richard Levitte
b0701709c1 Add comfy aliases for AES in CBC mode. 2002-02-20 18:00:23 +00:00
Richard Levitte
5b7848a345 Add comfy aliases for AES in CBC mode. 2002-02-20 17:59:49 +00:00
Richard Levitte
34aa216a65 Stop assuming the IV is 8 bytes long, use the real size instead.
This is especially important for AES that has a 16 bytes IV.
2002-02-20 17:56:01 +00:00
Richard Levitte
915c6a21ba Stop assuming the IV is 8 bytes long, use the real size instead.
This is especially important for AES that has a 16 bytes IV.
2002-02-20 17:55:08 +00:00
Richard Levitte
a76a29f233 Merge in recent changes from the main trunk. 2002-02-20 17:53:17 +00:00
Richard Levitte
236be53269 gcc figures that the format specifier %2x means unsigned int, so let's
make n unsigned.
2002-02-20 13:50:36 +00:00
Richard Levitte
1fc1bd382b Instead of casting a lvalue, let's constify meth. 2002-02-20 13:49:17 +00:00
Bodo Möller
3613e6fc57 simplifications
Submitted by: Nils Larsch
2002-02-20 13:08:17 +00:00
Richard Levitte
bd53a054b1 Merg in recent changes from the main trunk. 2002-02-20 12:28:32 +00:00
Richard Levitte
f19759a182 Instead of just checking for OpenVMS, check if DEC C is used, since it's as
picky on all platforms
2002-02-20 12:01:24 +00:00
Bodo Möller
d009bcbfb6 bugfix: allocate sufficiently large buffer
Submitted by: Nils Larsch
2002-02-20 11:59:42 +00:00
Bodo Möller
211b8685d3 bugfix: allocate sufficiently large buffer
Submitted by: Nils Larsch
2002-02-20 11:58:17 +00:00
Richard Levitte
4b71f63ac0 Comparing a pointer (data) with 0 using > is incorrect. The changed
comparison doesn't look right, but at least it compiles.  It would be nice
if the one who knows what this is supposed to do changed it to do it correctly
2002-02-20 11:57:33 +00:00
Richard Levitte
3adb8c3854 With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all 2002-02-20 11:43:40 +00:00
Geoff Thorpe
5b2d6ff07e make update 2002-02-20 08:33:55 +00:00
Dr. Stephen Henson
9c75b2d931 Use default openssl.cnf if config filename set to NULL and
openssl_conf if appname NULL.
2002-02-19 23:25:18 +00:00
Richard Levitte
3d7ba69a05 The AES modes OFB and CFB are defined with 128 feedback bits. This
deviates from the "standard" 64 bits of feedback that all other
algorithms are using.  Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.

Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.
2002-02-16 12:39:58 +00:00
Richard Levitte
a6cd870784 The AES modes OFB and CFB are defined with 128 feedback bits. This
deviates from the "standard" 64 bits of feedback that all other
algorithms are using.  Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.

Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.
2002-02-16 12:39:07 +00:00
Richard Levitte
58133d22a8 Add the modes OFB128, CFB128 and CTR128 to AES.
Submitted by Stephen Sprunk <stephen@sprunk.org>
2002-02-16 12:21:43 +00:00
cvs2svn
330e5c5460 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2002-02-16 12:20:35 +00:00
Richard Levitte
97879bcd57 Add the modes OFB128, CFB128 and CTR128 to AES.
Submitted by Stephen Sprunk <stephen@sprunk.org>
2002-02-16 12:20:34 +00:00
Richard Levitte
ab519c8262 Adjust the NID names for the AES modes OFB and CFB to contain the number
of feedback bits
2002-02-16 12:16:43 +00:00
Richard Levitte
ab1dee1efc Adjust the NID names for the AES modes OFB and CFB to contain the number
of feedback bits
2002-02-16 12:15:30 +00:00
Richard Levitte
e072aa535d The macro IMPLEMENT_ASN1_FUNCTIONS_const already contains an ending ;,
so do not add one after the expansion, since ANSI C doesn't allow ;;
at this level (or at least, so tells me gcc).
2002-02-16 12:03:25 +00:00
Richard Levitte
48f9859d2a Local time' shadows the global function time()'. Rename the local
variable to `tim' (and, as a matter of consequence, `time_d' to `tim_d').
2002-02-16 12:01:13 +00:00
Richard Levitte
48b5083ca0 Missing #endif 2002-02-16 11:58:16 +00:00
Bodo Möller
c363b5a62f constify 2002-02-15 10:19:22 +00:00
Dr. Stephen Henson
80bbb6578e Add flag to disable config module DSO loading. 2002-02-15 02:43:50 +00:00
Dr. Stephen Henson
19cc0f0ab4 Only initialize cipher ctx if cipher is not NULL. 2002-02-15 01:01:36 +00:00
Dr. Stephen Henson
14e14ea68c Allow a NULL store parameter to X509_STORE_CTX_init(). 2002-02-15 00:58:14 +00:00
Dr. Stephen Henson
834d37ed86 Don't call finish function if it isn't set.
Fix OID module.
2002-02-15 00:33:35 +00:00
Dr. Stephen Henson
86a0d0234d Add argument to OPENSSL_config() and add flag to
tolerate missing config file.
2002-02-14 23:39:36 +00:00
Dr. Stephen Henson
4598be561a typo (?) 2002-02-14 18:52:37 +00:00
Dr. Stephen Henson
af5db47e99 Fix warnings:
#if out some unused function.

"index" is a global function on some platforms.
2002-02-14 18:46:12 +00:00
Richard Levitte
fb67f40f04 Add the configuration target VxWorks. 2002-02-14 16:23:55 +00:00
Bodo Möller
e65991f977 fix indentation 2002-02-14 16:08:55 +00:00
Richard Levitte
3e83e686ba Add the configuration target VxWorks. 2002-02-14 15:37:38 +00:00
Bodo Möller
48033c3242 fix: make it possible to disable memory debugging even if it is
enabled by default
2002-02-14 14:47:15 +00:00
Bodo Möller
8f06b00373 make it possible to disable memory checking for timings 2002-02-14 14:41:13 +00:00
Bodo Möller
aa1f5b3581 don't call OPENSSL_config(), this does not make any sense during "make test" 2002-02-14 13:52:11 +00:00
Bodo Möller
6cc3700314 don't call OPENSSL_config(), this does not make any sense during "make test" 2002-02-14 13:51:20 +00:00
Richard Levitte
d9d3a69595 Make sure memset() is defined by including string.h
Notified by Oscar Jacobsson <oscar@jacobsson.org>
2002-02-14 13:51:13 +00:00
Richard Levitte
cc1489d2f2 Make sure memset() is defined by including string.h
Notified by Oscar Jacobsson <oscar@jacobsson.org>
2002-02-14 13:51:04 +00:00
Richard Levitte
016029c69f For some reason, getting the topmost error was done the same way as
getting the bottommost one.  I hope I understood correctly how this
should be done.  It seems to work when running evp_test in an
environment where it can't find openssl.cnf.
2002-02-14 13:45:26 +00:00
Richard Levitte
f9adfa6d4e For some reason, getting the topmost error was done the same way as
getting the bottommost one.  I hope I understood correctly how this
should be done.  It seems to work when running evp_test in an
environment where it can't find openssl.cnf.
2002-02-14 13:42:33 +00:00
Bodo Möller
d8309efc72 EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name() 2002-02-14 10:23:20 +00:00
Ben Laurie
f43acc8a50 Fix warnings. 2002-02-14 09:59:35 +00:00
Richard Levitte
976b2c9c2f Because making the key strong by xoring the last byte with 0xF0
generates different keys than previous versions of OpenSSL and libdes,
let's make Assar's change experimental for now.
2002-02-14 02:43:57 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
60d8bae30d some modifications to named curve support 2002-02-13 17:57:52 +00:00
Richard Levitte
0caec9e8f8 Modify the main trunk version to 0.9.8-dev.
0.9.7 now lives in the branch OpenSSL_0_9_7-stable.
2002-02-13 17:46:38 +00:00
Bodo Möller
4f85a2e21e new locks 2002-02-13 17:25:27 +00:00
Bodo Möller
945e15a253 add support for named curves
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 17:22:59 +00:00
cvs2svn
fbfcdc4cef This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2002-02-13 14:44:34 +00:00
Richard Levitte
81269a81ee Remove an unused variable. 2002-02-07 21:55:22 +00:00
Richard Levitte
3537525e00 Oops, do not unlock CRYPTO_LOCK_DYNLOCK when we locked
CRYPTO_LOCK_RAND...
2002-02-07 21:49:21 +00:00
Richard Levitte
d38f3ad1ee I forgot to include the aep and sureware vendor header files. 2002-02-07 21:43:05 +00:00
Richard Levitte
e083f91497 Because AEP and we used the same AEP_R_ prefix for error reasons,
lets change our prefix to AEPHK_R_.  Otherwise, we get very mysterious
errors because we happen to redefine AEP_R_OK and AEP_R_GENERAL_ERROR.
2002-02-07 21:12:08 +00:00
Richard Levitte
ba2cad19cf Add aep and sureware implementations and clean up some error reasons
that were never part of the engine framework.

The aep and sureware implementations are taken directly from 0.9.6c
[engine] and have been modified to fit the newer engine framework and
to be possible to build shared libraries of.

The aep implementation has gone through quite a bunch of tests and is
cleaned up (there were some misunderstandings in it about how to use
locks).

The sureware hasn't been tested at all in this incarnation and is
basically a quick hack to get it to compile properly.
2002-02-07 20:44:14 +00:00
Richard Levitte
db0a1efcc9 Certain reasons aren't really part of the engine framework, so let's
make them ubsec-specific in the ubsec implementation.
2002-02-07 20:37:55 +00:00
Richard Levitte
9074521458 Generate the individual engines' error strings and macros
automatically.
2002-02-07 20:02:49 +00:00
Richard Levitte
de2f6e4dae 'make update' 2002-02-05 17:34:58 +00:00
Richard Levitte
44bdb056d4 With the changed des_old API, let's complete the work by renaming the
functions in ui_compat.  This gave reason to rework that part more
thoroughly, so here are the changes made:

1. Add DES_read_password() and DES_read_2passwords() with the same
   functionality as the corresponding old des_ functions, as a
   convenience to the users.
2. Add UI_UTIL_read_pw_string() and UI_UTIL_read_pw() with the
   functionality from des_read_pw_string() and des_read_pw(), again as
   a concenience to the users.
3. Rename des_read_password(), des_read_2passwords(),
   des_read_pw_string() and des_read_pw() by changing des_ to
   _ossl_old_des_, and add the usual mapping macros.
4. Move the implementation of des_read_password() and
   des_read_2passwords() to the des directory, since they are tightly
   tied to DES anyway.

This change was inspired by a patch from Assar Westerlund <assar@sics.se>:

There are some functions that didn't get the kick-away-old-des-and-
replace-des-with-DES action.  Here's a patch that adds DES_ and des_
(in des_old.h) versions of des_read_pw_string et al.  This patch
includes some of the first des_old.h semi-colon macro fixes that I've
already sent.
2002-02-05 17:15:18 +00:00
Richard Levitte
c31bbf1e68 Apply one patch from Assar Westerlund <assar@sics.se>:
The following patch makes sure that string2key does not use weak DES
keys (then making them non-weak by xor:ing with 0xF0).
2002-02-05 15:05:42 +00:00
Richard Levitte
5e68f8ce15 Apply three patches from Assar Westerlund <assar@kth.se>:
This patch makes the macros in des_old.h actually pretend to be
functions.

There's no reason not to define _ossl_old_crypt when using
PERL5/FreeBSD/darwin/Next, since it makes using crypt and including
des.h break.  Here's a trivial patch.

This patch fixes some of the typos used in macro names in des_old.h
and the number of arguments for some of them.
2002-02-05 06:02:58 +00:00
Richard Levitte
b9a3ef4c6e ASN1_BIT_STRING_set_bit() didn't clear previously set bits 2002-02-03 21:31:41 +00:00
Dr. Stephen Henson
1955b87423 #undef some things that cause a conflict under Win32 when
wincrypt.h is included.
2002-02-02 13:19:27 +00:00
Lutz Jänicke
866eedb936 Shut up compiler warnings for inconsistent declarations. 2002-01-29 17:14:50 +00:00
Richard Levitte
1199e2d8cf Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it. 2002-01-29 12:36:01 +00:00
Bodo Möller
072569e0f1 Undo previous change, X509_check_issued() was correct.
[See
     Message-ID: <3BB07999.30432AD2@celocom.com>
     Date: Tue, 25 Sep 2001 13:33:29 +0100
     From: Dr S N Henson <drh@celocom.com>
     To: openssl-dev@openssl.org
     Subject: Re: Error in v3_purp.c
]
2002-01-27 17:41:12 +00:00
Lutz Jänicke
2a81428489 Remove blanks at begin of empty lines irritating epv_test.c 2002-01-26 15:24:38 +00:00
Richard Levitte
b77fcddb6b Apply a small patch from Oscar Jacobsson <oscar@jacobsson.org> that
makes things more compilable with VC++.
2002-01-26 04:50:41 +00:00
Richard Levitte
f6fbd470e3 It looks like I didn't remove everything that has to do with the
non-existant aestest.c.
2002-01-26 04:45:37 +00:00
Richard Levitte
63810d8566 Apply a small patch from Diego R. Lopez <diego.lopez@rediris.es>,
making X509_check_issued() properly match an issuer that's found in a
Authority Key Identifier.
2002-01-26 04:25:16 +00:00
Richard Levitte
123c401967 GCC uses __i386__. 2002-01-26 03:57:41 +00:00
Richard Levitte
2d57b73a50 I got a request to make the "old des" symbols more closely tied to
OpenSSL.  Adding '_ossl' in the name seems to be a good way to do
this.
2002-01-26 01:14:09 +00:00
Richard Levitte
a297985f42 Apply a change by Toomas Kiisk <vix@cyber.ee>:
* Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
2002-01-25 17:45:30 +00:00
Richard Levitte
72165799a8 There is no aestest currently. The EVP tester is used to check the
AES algorithm.
2002-01-25 07:52:25 +00:00
Geoff Thorpe
f1c2a9de45 The 'type' parameter, an EVP_MD pointer, represents the type of digest
required as well as a default implementation (when no ENGINE provides a
replacement implementation). This change makes sure the correct
implementation's "init()" handler is used rather than assuming 'type'.
2002-01-25 03:13:50 +00:00
Richard Levitte
52b66a622d Keep the NIST AES vectors that were there previously. 2002-01-24 18:09:50 +00:00
Bodo Möller
273db408a8 sort functions ... 2002-01-24 17:17:33 +00:00
Bodo Möller
957b6db3b1 fix formatting of automatically generated error section 2002-01-24 16:20:42 +00:00
Bodo Möller
a14e2d9dfe New functions
ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
2002-01-24 16:16:43 +00:00
Richard Levitte
fe19c448f0 make update
libeay.num got tweaked so the old des symbols would retain their
positions.
2002-01-24 12:31:54 +00:00
Richard Levitte
fcf6473199 Because of recent changes, there's no need to hack the des symbols any
more.
2002-01-24 12:30:15 +00:00
Richard Levitte
5dcf517d84 To avoid all kinds of link-level clashes, rename all old des_*
functions to _old_des_*.
2002-01-24 12:19:13 +00:00
Ben Laurie
24995f3a10 Support old DES APIs by default. 2002-01-22 23:19:01 +00:00
Ben Laurie
0fc5cf0870 Make no config file not an error. Move /dev/crypto config to ctrl. 2002-01-22 22:29:58 +00:00
Dr. Stephen Henson
f78d4a35f8 Constification. 2002-01-22 02:06:33 +00:00
Dr. Stephen Henson
df5eaa8a52 default_algorithms option in ENGINE config. 2002-01-22 01:40:18 +00:00
Lutz Jänicke
575e664a7c Fix incorrect BIO_*_ctrl() macros (Shay Harding <sharding@ccbill.com>). 2002-01-21 17:59:37 +00:00
Richard Levitte
7389c848d4 Use FIPS-197 vectors for AES. The NIST vectors were constructed by
reencrypting or redecrypting the ciphertext 10000 times, which of
course gives higly different results.
2002-01-21 17:55:38 +00:00
Richard Levitte
4d393410f3 Add more of the NIST test vectors for AES.
For some reason, they give incorrect results with the OpenSSL
implementation.  I wonder why...
2002-01-21 16:09:45 +00:00
Richard Levitte
bd69750360 Bring VMS up to date with development. 2002-01-21 15:37:53 +00:00
Dr. Stephen Henson
c9501c223f Initial ENGINE config module, docs to follow.
Fix buffer overrun errors in OPENSSL_conf().
2002-01-21 03:02:36 +00:00
Ben Laurie
9dd5ae6553 Constification, add config to /dev/crypto. 2002-01-18 16:51:05 +00:00
Bodo Möller
e1e876072d disable broken code 2002-01-18 12:28:05 +00:00
Ben Laurie
dd2589494f Other errors are possible. 2002-01-18 12:19:24 +00:00
Ben Laurie
1cfa8a397f Stupid apps should die, not fail silently. 2002-01-18 11:46:39 +00:00
Ben Laurie
bdae099862 Fix memory leak. 2002-01-18 11:32:30 +00:00
Ben Laurie
cca28b291c Constification, missing declaration, update dependencies. 2002-01-18 10:59:43 +00:00
Ben Laurie
45d87a1ffe Prototype info function. 2002-01-12 15:56:13 +00:00
Ben Laurie
37530362fa Return value could be undefined. 2002-01-12 13:13:22 +00:00
Richard Levitte
fd795679bb Patches to make OpenSSL compilable on MacOS/X.
Submitted by Pier Fumagalli <pier@betaversion.org>
2002-01-08 09:19:31 +00:00
Geoff Thorpe
e4dd79bbc8 - Add the same header stuff to aes_locl.h as is in des_locl.h to avoid
undefined functions (memset, etc).
- Put a .cvsignore in the aes directory too.
2002-01-05 12:55:08 +00:00
Dr. Stephen Henson
bc37d996fc Experimental configuration code.
Incomplete, largely untested and subject to change/deletion.
2002-01-05 01:37:16 +00:00
Bodo Möller
245f44e2ab add automatically generated ERR_load_... prototype 2002-01-04 13:12:08 +00:00
Bodo Möller
e5d6528a12 fix EVP_CIPHER_mode macro
Submitted by: "Dan S. Camper" <dan@bti.net>
2002-01-04 13:04:45 +00:00
Richard Levitte
6f9079fd50 Because Rijndael is more known as AES, use crypto/aes instead of
crypto/rijndael.  Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).

This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
2002-01-02 16:55:35 +00:00
Richard Levitte
c938563a81 The block size may be something other than 8! 2002-01-02 16:51:17 +00:00
Richard Levitte
40928698bb When RSA or DSA are disabled, do not include the stuff that's specific
to them.
2002-01-02 12:45:51 +00:00
Richard Levitte
138d8ab0c7 make update 2002-01-02 12:44:54 +00:00
Richard Levitte
67fec850e1 Allow verification of other types than DATA.
Submitted by Leonard Janke <leonard@votehere.net>
2002-01-02 11:54:38 +00:00
Richard Levitte
e7227322b3 Allow 8-bit characters. This is not really complete, it only marks
characters with the highest bit set as HIGHBIT.  We need to expand
this to support the UTF-8 character set properly.  However, this
solves the problem that the character 0x80 (which is common in UTF-8)
gets masked to 0x00.
Patch submitted by "Huang Yuzhen" <huangyuzhen@bj.tom.com>
2002-01-02 11:06:02 +00:00
Richard Levitte
a92ae07091 And just for the sake of completeness, let's add some standard macros... 2001-12-21 01:12:29 +00:00
Richard Levitte
68809d3969 Better use the same number in all branches, to avoid confusion 2001-12-21 01:08:40 +00:00
Richard Levitte
d6a89fcf88 Do not forget to compile comp_err.c 2001-12-20 22:12:10 +00:00
Ben Laurie
7c517a04b1 Security fix. 2001-12-20 12:18:08 +00:00
Bodo Möller
755cc53a6e formatting consistency 2001-12-17 19:28:05 +00:00
Bodo Möller
1226c472b7 oops 2001-12-17 19:26:43 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Bodo Möller
66df02fd98 fix BN_rand_range 2001-12-14 10:09:29 +00:00
Richard Levitte
f11fd3f4e1 Implement failover for ubsec. Submitted by Subramanian Ramamoorthy
<sram@broadcom.com> with the following comment:

[...] We have implemented failover (ie, if for some reason that the
hardware fails, the implementation detects this failure and performs
this operation as if no hardware is present, ie, in software) for
sometime now and have tested it here with our hardware. [...]

This change was cc:ed to exports@crypto.com
2001-12-12 12:53:13 +00:00
Ulf Möller
31106cc750 name confusion with HP library function prototype (?) 2001-12-10 18:52:06 +00:00
Ben Laurie
ff3fa48fc7 Improve back compatibility. 2001-12-09 21:53:31 +00:00
Dr. Stephen Henson
f3e24baddf Don't overwrite signing time. 2001-12-07 00:36:32 +00:00
Richard Levitte
d4704d5245 UID was never a lable for uniqueIdentifier. However, LDAP and certain
RFCs concerning X.500 directories use UID as a shorter name for the
attribute type userId, which is defined by CCITT and available through
RFCs 1274 and 2247.

Unfortunately, if some applications have used the name "UID" for the
uniqueIdentifier attribute type, they will produce incorrect results.
However, I found it better to follow the standards that are out there
rather than having our own incompatible one.
2001-12-04 11:01:17 +00:00
Bodo Möller
c3fbf5d9a8 Fix: 2.5.29 is "id-ce", not "ld-ce" (sort of a typo in objects.h).
Fix (?): Delete 'ip-pda 6' (id-pda-pseudonym) because it does not exist
in RFC 3039.

Also change Perl scripts to put auto-generation warning in the
first lines of the file.
2001-12-03 13:47:22 +00:00
Dr. Stephen Henson
6a0dec9584 Make EVP_SealInit() return the correct value. 2001-12-01 23:09:38 +00:00
Dr. Stephen Henson
322de0c8c1 NO_DSA, NO_RSA patches. 2001-12-01 22:41:39 +00:00
Geoff Thorpe
bcbe4e5254 This looks to have been a typo. 2001-11-24 04:02:42 +00:00
Bodo Möller
883b0c2274 fix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
(in main branch, hn_ncipher.c is already correct)
2001-11-23 20:58:40 +00:00
Bodo Möller
c05940edc7 comment 2001-11-22 11:08:38 +00:00
Geoff Thorpe
c507a16e49 Cut "ENGINE_ID" to the more concise "ID". 2001-11-22 10:08:49 +00:00
Geoff Thorpe
e4a6cf421a When the "dynamic" ENGINE loads another ENGINE from a shared-library, it
essentially overwrites itself with the new ENGINE, with the exception of
reference counts, ex_data structures, and other 'admin' elements. However
if the new ENGINE doesn't populate certain elements, there's the risk of
the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just
one of the possibilities. This implements a more comprehensive cleanup.
2001-11-22 09:13:18 +00:00
Geoff Thorpe
329636d6e3 The "openssl" ENGINE is no longer used except as a testing/debugging
device. This change enables it for building as a self-contained "dynamic"
ENGINE, to help testing such mechanisms.
2001-11-22 09:01:11 +00:00
Geoff Thorpe
9163b8fb23 'flags' should only be set inside DSO_load() if constructing a new DSO
object - otherwise we overwrite any flags that had been previously set in
the DSO before calling DSO_load().
2001-11-22 08:48:09 +00:00
Richard Levitte
9d93ce246c On VMS, the norm is still that symbols are uppercased, so for now it's better
to trust that norm.  I might implement a control for this later on
2001-11-16 13:12:19 +00:00
Bodo Möller
e71adb85c5 avoid stupid compiler warning 2001-11-16 11:37:36 +00:00
Richard Levitte
0d197a833c On systems that don't do too well including headers from a different
directory, trust the building scripts to handle it properly.
2001-11-16 08:54:34 +00:00
Richard Levitte
e0031b80ee Make sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that). 2001-11-16 08:52:56 +00:00
Bodo Möller
b19941ab05 comment 2001-11-16 06:22:21 +00:00
Bodo Möller
752938daab use a more interesting test case 2001-11-16 06:22:05 +00:00
Bodo Möller
c78515f55e comments etc. 2001-11-15 22:35:41 +00:00
Bodo Möller
3ba1f11147 Improve EC efficiency. 2001-11-15 22:32:11 +00:00
Richard Levitte
acf60ef707 At least for the two common Unixly DSO loading methods, include the
system error in the error text.
2001-11-15 18:24:42 +00:00
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Richard Levitte
5b8a57ecae After loading a dynamic engine, reset the command definitions to the
empty set.  This prevents engines that do not set the command
definitions themselves to inherit the ones from "dynamic", which would
otherwise be very confusing.
2001-11-14 22:32:19 +00:00
Bodo Möller
3a8a0a3945 2001, not 2000 2001-11-09 13:15:05 +00:00
Bodo Möller
c5d4ab7e35 adjust to OpenSSL_0_9_6-stable version 2001-11-09 13:09:11 +00:00
Bodo Möller
b955dbd325 cast to 'unsigned long' before using ~ if we need an unsigned long result
Submitted by: "Stefan Marxen" <stefan.marxen@gmx.net>
2001-11-09 12:58:05 +00:00
Dr. Stephen Henson
3a3619b46a PKCS#12 code fixes: initialize and cleanup digests and ciphers
properly.
2001-11-06 13:54:48 +00:00
Dr. Stephen Henson
b83eddc578 Win32 fixes. 2001-11-06 13:40:27 +00:00
Richard Levitte
7f558334ad des_old.h doesn't really need to include des.h, so don't. That will
avoid clashes with other code that have their own DES_ functions but
really only use OpenSSL's old des_ functions.
2001-11-06 11:37:14 +00:00
Richard Levitte
6acc3b9689 Place the OpenSSL-specific headers back so they always get included,
or we get a dependency war in Makefile.ssl
2001-11-05 18:18:12 +00:00
Richard Levitte
66aa856698 No need to include anything on systems that do not have /dev/crypt 2001-11-05 12:44:14 +00:00
Richard Levitte
a7b42009c4 Change the shared library support so the shared libraries get built
sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.
2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:05:28 +00:00
Dr. Stephen Henson
1586365835 Stop compiler warnings. 2001-10-27 00:18:04 +00:00
Dr. Stephen Henson
7d5b04db4e Add support for Subject Info Acess extension. 2001-10-27 00:16:53 +00:00
Bodo Möller
b693f941fd Consistency fix in BUF_MEM_grow: Initialise to zero when new memory
had to be allocated, not just when reusing the existing buffer.
2001-10-26 13:12:25 +00:00
Bodo Möller
c602e7f4e8 disable caching in BIO_gethostbyname 2001-10-26 13:04:23 +00:00
Ben Laurie
f533b7780e Fix warning. 2001-10-25 14:24:59 +00:00
Bodo Möller
cc2f5a8022 Like MD_Init, MD now must include a NULL engine pointer in its definition. 2001-10-25 08:53:54 +00:00
Bodo Möller
b441bf9226 remove redundant definitions that are also in des.h 2001-10-25 08:46:10 +00:00
Bodo Möller
af50b58c3f filenames are des_old.[ch], not des.comp* 2001-10-25 08:23:13 +00:00
Richard Levitte
ce15d5a9dc Remove DES_random_seed() but retain des_random_seed() for now. Change
the docs to reflect this change and correct libeay.num.
2001-10-25 06:46:22 +00:00
Richard Levitte
cfc781be6e Have the removal warnings very high up in the source. 2001-10-25 05:37:10 +00:00
Richard Levitte
84acc3c2bc A C file is a C file is a C file! 2001-10-24 21:31:14 +00:00
Richard Levitte
c2e4f17c1a Due to an increasing number of clashes between modern OpenSSL and
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.
2001-10-24 21:21:12 +00:00
Richard Levitte
513d4b4c16 make update 2001-10-24 08:27:22 +00:00
Richard Levitte
7ef701519b Correction of the id-pda OID's.
Submitted by Frederic.Giudicelli@INTRINsec.com
2001-10-23 14:30:57 +00:00
Dr. Stephen Henson
f1558bb424 Reject certificates with unhandled critical extensions. 2001-10-21 02:09:15 +00:00
Dr. Stephen Henson
98e6654938 Typo. 2001-10-20 16:22:28 +00:00
Dr. Stephen Henson
cecd263878 Add missing EVP_CIPHER_CTX_{init,cleanup} 2001-10-20 16:18:03 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Ulf Möller
5dd955dcd2 openbsd-x86 macros
Submitted by: Toomas Kiisk <vix@cyber.ee>
2001-10-14 00:57:30 +00:00
Richard Levitte
67d0738aba In certain cases, no encoding has been set up for the b64 filter. In
such cases, a flush should *not* attempt to finalise the encoding, as
the EVP_ENCODE_CTX structure will only be filled with garbage.  For
the same reason, do the same check when a wpending is performed.
2001-10-11 19:38:40 +00:00
Richard Levitte
b8a61e7362 'make update' 2001-10-10 21:52:06 +00:00
Richard Levitte
dd5e774664 Add support for md4WithRSAEncryption. 2001-10-10 21:37:45 +00:00
Richard Levitte
b30245dae0 'make update' 2001-10-10 07:56:20 +00:00
Richard Levitte
116daf4c2f To avoid commit wars over dependencies, let's make it so things that
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.
2001-10-10 07:55:02 +00:00
Richard Levitte
4b12506891 A few more OIDs, contributed by Peter Sylvester <Peter.Sylvester@EdelWeb.fr> 2001-10-09 15:32:23 +00:00
Geoff Thorpe
cf98440178 evp_test.c and evptests.txt both need to be linked in the test/ directory
however for different reasons. This separation should prevent the win32
build from interpreting evptests.txt as source code.
2001-10-09 01:38:31 +00:00
Geoff Thorpe
c500d44735 Change some EVP prototypes to use "cipher" rather than "type" as a variable
name. The implementations already use this anyway.
2001-10-08 17:25:42 +00:00
Geoff Thorpe
18eda73234 EVP_EncryptInit_ex() and EVP_DecryptInit_ex() had been defined in evp.h but
not implemented. (Bug reported by Martin Szotkowski)

This also changes the non-"_ex" versions to defer directly to
EVP_CipherInit_ex() rather than EVP_CipherInit() to avoid an unecessary
level of indirection.
2001-10-08 17:24:10 +00:00
Geoff Thorpe
7526e2c043 As ENGINE_load_openbsd_dev_crypto() is an API function, it makes sense for
it to be defined on all platforms whether or not it is of any practical
use on them. This also resolves linker problems on "special" platforms,
such as win32.
2001-10-08 17:08:17 +00:00
Geoff Thorpe
6d52f260bf Make sure the "ENGINE_TABLE" cleanup callbacks have correct prototypes. 2001-10-08 17:06:52 +00:00
Geoff Thorpe
752f2b6785 Missing pointer in the eng_table_register function. Reported by
Martin Szotkowski.
2001-10-08 14:44:38 +00:00
Lutz Jänicke
e1c279b63d Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>) 2001-10-08 08:37:24 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
77a8eb352f Since ossl_typ.h is an exported header, we sure need to export it on
VMS as well :-).
2001-10-04 07:46:30 +00:00
Richard Levitte
114697bef3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
Also, it seems like krb5 was forgotten in some places.
2001-10-04 07:34:45 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Dr. Stephen Henson
1a095560f7 Use the maximum block length for the extra size in the encrypt
BIO buffer instead of hard coding it as 8.
2001-10-03 12:47:03 +00:00
Dr. Stephen Henson
f329b8d73b Make EVP_DecryptUpdate work again. 2001-10-02 16:19:49 +00:00
Richard Levitte
e3a7463c5d A lot of things are undeclared unless x509.h is included. 2001-10-02 11:06:42 +00:00
Richard Levitte
796c6eadcb Hmm, everything "open" isn't necessarely "openssl" :-).
*sigh* habit...
2001-10-02 10:03:15 +00:00
Richard Levitte
b485e5b7e3 Woopsie... 2001-10-01 17:20:28 +00:00
Richard Levitte
1cf9d58cb4 sk_ENGINE_CLEANUP_ITEM_pop_free() is duplicated in ENGINE_cleanup().
Let's use sk_ENGINE_CLEANUP_ITEM_pop_free() instead.
2001-10-01 17:15:28 +00:00
Richard Levitte
0cff933416 Addapt seldom compiled code to new semantics of the key schedule (not
a pointer any more).
2001-10-01 17:10:10 +00:00
Richard Levitte
c41b29e5db Some new symbols have very long names... 2001-10-01 17:09:17 +00:00
Richard Levitte
65fb3fa630 o_time.c contains symbols with dollar signs in them, so we must tell
the compiler not to warn about that.
2001-10-01 17:08:18 +00:00
Geoff Thorpe
0b0f08dbc7 The cleanup stack in ENGINE changed slightly, so this "make update" is
needed.
2001-10-01 16:39:58 +00:00
Geoff Thorpe
5c32657c80 The STACK macros take care of casting to and from the designated item type
of the stack, and the (void *) type used in the underlying sk_***
functions.  However, declaring a STACK_OF(type) where type is a *function*
type implicitly involves casts between function pointers and data pointers.
That's a no-no. This changes the ENGINE_CLEANUP handling to use a regular
data type in the stack.
2001-10-01 16:26:00 +00:00
Dr. Stephen Henson
de822715b2 Constify EVP_SealInit, EVP_OpenInit 2001-09-28 01:47:36 +00:00
Dr. Stephen Henson
d46c1a8126 Support fractional seconds in GeneralizedTime 2001-09-28 00:44:44 +00:00
Richard Levitte
e32587d5a6 Synchronise with Unixly build. 2001-09-27 16:07:36 +00:00
Richard Levitte
37da54b10e The #error message must match a very specific regexp (see mkdef.pl,
currently line 470).
2001-09-26 15:18:32 +00:00
Ben Laurie
0fea7ed4a4 Don't clean up stuff twice. 2001-09-26 15:15:03 +00:00
Ben Laurie
dbeac560aa Fixes. 2001-09-26 15:14:10 +00:00
Ben Laurie
c9fc143972 Fix warning. 2001-09-26 11:38:57 +00:00
Geoff Thorpe
004aa803a9 "FALLBACK" handling was a hack that was thrown out long ago in the
ENGINE redevelopment. The idea had been that "-1" could be used as a
special "ask me later" 'nid' rather than specifying supported cipher and
digest 'nid's up front. However the idea turned out to be pretty broken.
2001-09-25 21:52:39 +00:00
Geoff Thorpe
d7e0299792 Fiddling. 2001-09-25 21:44:12 +00:00
Geoff Thorpe
9dfdf0ad1d This change puts the original OpenBSD /dev/crypto support that was in
crypto/evp/ into the corresponding ENGINE. This code is currently untested.
2001-09-25 21:43:08 +00:00
Geoff Thorpe
3b04cdd706 This change adds dummy RC4 and SHA1 support to the "openssl" ENGINE for
testing. Because of the recent changes (see crypto/engine/README), the
"openssl" ENGINE is no longer needed nor is it loaded automatically or by
ENGINE_load_builtin_engines(). So a explicit ENGINE_load_openssl() call is
required by applications or a modification to eng_all.c before this ENGINE
will be used. This change will send output to stderr as/when its
implementations are used.
2001-09-25 21:41:20 +00:00
Geoff Thorpe
11a57c7be5 This changes EVP's cipher and digest code to hook via the ENGINE support.
See crypto/engine/README for details.

- it also removes openbsd_hw.c from the build (that functionality is
  going to be available in the openbsd ENGINE in a upcoming commit)

- evp_test has had the extra initialisation added so it will use (if
  possible) any ENGINEs supporting the algorithms required.
2001-09-25 21:37:02 +00:00
Geoff Thorpe
b370230b78 This change adds cipher and digest support into ENGINE using the
ENGING_TABLE mechanism. The necessary hooks from crypto/evp/ to use this
will be committed shortly.
2001-09-25 21:28:40 +00:00
Geoff Thorpe
50a381b789 indentation. 2001-09-25 21:22:32 +00:00
Geoff Thorpe
534aaf3731 "make update". 2001-09-25 20:39:59 +00:00
Geoff Thorpe
cb78486d97 This commits changes to various parts of libcrypto required by the recent
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.

Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.
2001-09-25 20:23:40 +00:00
Geoff Thorpe
9c9aa4f145 This commits the changes to STACK macros forced by recent ENGINE surgery. 2001-09-25 20:17:15 +00:00
Geoff Thorpe
b6d1e52d45 This change replaces the ENGINE's underlying mechanics with the new
ENGINE_TABLE-based stuff - as described in crypto/engine/README.

Associated miscellaneous changes;
 - the previous cipher/digest hooks that hardwired directly to EVP's
   OBJ_NAME-based storage have been backed out. New cipher/digest support
   has been constructed and will be committed shortly.
 - each implementation defines its own ENGINE_load_<name> function now.
 - the "openssl" ENGINE isn't needed or loaded any more.
 - core (not algorithm or class specific) ENGINE code has been split into
   multiple files to increase readability and decrease linker bloat.
 - ENGINE_cpy() has been removed as it wasn't really a good idea in the
   first place and now, because of registration issues, can't be
   meaningfully defined any more.
 - BN_MOD_EXP[_CRT] support is removed as per the README.
 - a bug in enginetest.c has been fixed.

NB: This commit almost certainly breaks compilation until subsequent
changes are committed.
2001-09-25 20:00:51 +00:00
Geoff Thorpe
f185e725a0 Some major restructuring changes to ENGINE, including integrated cipher and
digest support, are on their way. Rather than having gigantic commit log
messages and/or CHANGES entries, this change to the README will serve as an
outline of what it all is and how it all works.
2001-09-25 19:31:30 +00:00
Dr. Stephen Henson
591ccf586d Fix AES CBC mode EVP_CIPHER structures: the IV length is always
16.
2001-09-25 13:49:58 +00:00
Richard Levitte
98c2a26ea6 In case of memory problems, the va_start() wasn't cleaned with a va_end().
Noticed by Thomas Klausner <wiz@danbala.ifoer.tuwien.ac.at>.
2001-09-24 13:39:48 +00:00
Bodo Möller
be6d77005f comments 2001-09-20 15:41:34 +00:00
Geoff Thorpe
2b67158673 Some of the ENGINE file names were changed for 8.3 filename uniqueness
recently. So comments including file names have been fixed, and copyright
notices brought up to "2001" at the same time.
2001-09-14 18:31:57 +00:00
Geoff Thorpe
db744f8950 Fix a typo in the preprocessor logic in eng_list.c that had left RSA, DSA,
and DH all conditional upon OPENSSL_NO_RSA.
2001-09-14 18:23:31 +00:00
Geoff Thorpe
e059b19ddb Add a SHA1 test to evptests.txt - only the MD5 hash algorithm was being
tested previously.
2001-09-14 18:21:36 +00:00
Geoff Thorpe
997a54c981 'evp_test' needs to initialise and cleanup EVP_CIPHER_CTX structures. Also,
fix a typo and add cleanup operations. This also switches on memory leak
checking (which is how the rest was found).
2001-09-14 18:20:44 +00:00
Bodo Möller
4e1b0d8904 avoid "statement not reached" warning 2001-09-13 13:02:59 +00:00
Geoff Thorpe
1a1422643b ENGINE uses a very opaque design, so we can predeclare the structure type
in "types.h" so that very few headers will need to include engine.h,
generally only C files using API functions will need it (reducing
the header dependencies quite a lot).
2001-09-12 02:34:20 +00:00
Geoff Thorpe
409960491d ENGINE files were renamed, and error strings are now in eng_err.c 2001-09-12 01:54:17 +00:00
Dr. Stephen Henson
96bd6f730a Add certificate and request demos.
Fix X509V3 macro so they compile.
2001-09-12 00:19:20 +00:00
Geoff Thorpe
51ac0cfe44 make update 2001-09-10 21:18:11 +00:00
Geoff Thorpe
1023cfe70d enginetest needs 'memset' defined. 2001-09-10 21:02:06 +00:00
Ulf Möller
8e0a2d8461 missed one file 2001-09-10 20:16:31 +00:00
Bodo Möller
9f29ec4721 fix memory leak (I think) 2001-09-10 18:50:09 +00:00
Bodo Möller
b9a20b5057 remove an old comment 2001-09-10 18:49:25 +00:00
Bodo Möller
8573fa1806 avoid warning ('const' discarded) 2001-09-10 17:46:54 +00:00
Bodo Möller
5a85385387 typo 2001-09-10 16:57:06 +00:00
Bodo Möller
5e54b4f364 Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case
distinction (which does not work well because if CRYPTO_MDEBUG is
defined at library compile time, it is not necessarily defined at
application compile time; and memory debugging now can be reconfigured
at run-time anyway).  To get the intended semantics, we could just use
the EVP_DigestInit_dbg unconditionally (which uses the caller's
__FILE__ and __LINE__ for memory leak debugging), but this would make
memory debugging inconsistent.  Instead, callers can use
CRYPTO_push_info() to track down memory leaks.
2001-09-10 15:00:30 +00:00
Bodo Möller
5ba372b17c Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case
distinction (which does not work well because if CRYPTO_MDEBUG is
defined at library compile time, it is not necessarily defined at
application compile time; and memory debugging now can be reconfigured
at run-time anyway).  To get the intended semantics, we could just use
the EVP_DigestInit_dbg unconditionally (which uses the caller's
__FILE__ and __LINE__ for memory leak debugging), but this would make
memory debugging inconsistent.  Instead, callers can use
CRYPTO_push_info() to track down memory leaks.

Also fix indentation, and add OpenSSL copyright.
2001-09-10 14:59:17 +00:00
Bodo Möller
f9b0f47c0c copyright 2001-09-10 14:51:19 +00:00
Bodo Möller
4deeadf7dc Delete pointless casts 2001-09-10 14:10:10 +00:00
Bodo Möller
384eff877c Fix apps/openssl.c and ssl/ssltest.c so that they use
CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).

Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).
2001-09-10 09:50:30 +00:00
Dr. Stephen Henson
68dbba9817 Replace old (and invalid) copyright notice. 2001-09-08 12:15:09 +00:00
Bodo Möller
ea7150b070 The various hash #includes in rand_lcl.h *are* needed despite
<openssl/evp.h> is now used (MD_DIGEST_LENGTH definitions!).
No need to include such headers directly in md_rand.c.
2001-09-07 23:55:15 +00:00
Ben Laurie
e8330cf5ac Add a cleanup function for MDs. 2001-09-07 12:03:24 +00:00
Ben Laurie
f1047cebea Remove duplication. 2001-09-07 11:44:59 +00:00
Ben Laurie
da8a2e6f90 Now need sha.h for some reason. 2001-09-07 11:44:17 +00:00
Ben Laurie
546ec5a9b3 Redo type-safety fix. 2001-09-07 11:43:30 +00:00
Ulf Möller
14cfde9c83 make engine file names unique in 8.3 2001-09-07 04:14:48 +00:00
Ulf Möller
ce9eab79a7 unused function 2001-09-06 17:02:33 +00:00
Ulf Möller
e9e202cfa8 include the proper header file 2001-09-06 16:25:34 +00:00
Ulf Möller
d83ae69455 double definition 2001-09-06 16:24:29 +00:00
Bodo Möller
619b2c03dc Avoid strdup.
(Some platforms need _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED to get
the declaration, but on other platforms _XOPEN_SOURCE disables
the strdup declaration in <string.h>.)
2001-09-06 13:09:00 +00:00
Bodo Möller
78f7923580 Totally get rid of CRYPTO_LOCK_ERR_HASH.
In err.c, flags int_error_hash_set and int_thread_hash_set
appear superfluous since we can just as well initialize
int_error_hash and int_thread_hash to NULL.

Change some of the err.c formatting to conform with the rest of
OpenSSL.
2001-09-06 12:37:36 +00:00
Bodo Möller
a9ed4da8eb improve OAEP check 2001-09-06 10:42:56 +00:00
Bodo Möller
e1a4814cd4 fix formatting so that the file can be view with any tab-width 2001-09-06 09:30:16 +00:00
Geoff Thorpe
1a7691c059 This adds "destroy" handlers to the existing ENGINEs that load their own
error strings - the destroy handler functions unload the error strings so
any pending error state referring to them will not attempt to reference
them after the ENGINE has been destroyed.
2001-09-05 19:00:33 +00:00
Geoff Thorpe
f524ddbe04 ENGINE's init() and finish() handler functions are used when the ENGINE is
being enabled or disabled (respectively) for operation. Additionally, each
ENGINE has a constructor function where it can do more 'structural' level
intialisations such as loading error strings, creating "ex_data" indices,
etc. This change introduces a handler function that gives an ENGINE a
corresponding opportunity to cleanup when the ENGINE is being destroyed. It
also adds the "get/set" API functions that control this "destroy" handler
function in an ENGINE.
2001-09-05 18:32:23 +00:00
Geoff Thorpe
e815d3015e Change DH_up() -> DH_up_ref() 2001-09-05 17:02:35 +00:00
Geoff Thorpe
dc2a33d680 "DH_up" had been changed to "DH_up_ref" in libeay.num but the function
declaration and implementation had not. So a recent update recreated the
original definition in libeay.num ... this corrects it and changes the "dh"
code to the "up_ref" variant.
2001-09-05 16:54:32 +00:00
Bodo Möller
7ba45bf133 Solaris <string.h> does not declare 'strdup' if _XOPEN_SOURCE is
defined.

(Preprocessor symbols such as _POSIX_C_SOURCE or _XOPEN_SOURCE are
supposed to disable anything not allowed by the respective
specification; I'm not sure why 'strdup' would be considered
an outlaw though.)
2001-09-05 14:40:05 +00:00
Ulf Möller
d98a4b7366 bug fix: bn_sqr_recursive output is twice its input size. 2001-09-05 04:43:43 +00:00
Ulf Möller
9d07fd03e3 Use GCC 2.95/3.0 optimization 2001-09-05 02:18:40 +00:00
Ulf Möller
5b46eee0f5 strsep implementation to allow the file to compile on non-BSD systems
Submitted by: "Brian Havard" <brianh@kheldar.apana.org.au>
2001-09-04 22:19:06 +00:00
Geoff Thorpe
e5e6a94fbf Make the 'dynamic' ENGINE bundle up the loading application/library's
locking callbacks to pass to the loaded library (in addition to the
existing mem, ex_data, and err callbacks). Also change the default
implementation of the "bind_engine" function to apply those callbacks, ie.
the IMPLEMENT_DYNAMIC_BIND_FN macro.
2001-09-04 21:25:17 +00:00
Geoff Thorpe
d9ff889073 Add a "_up" -> "_up_ref" change to libeay.num that was missing from the
recent changes. Also, do the same change to the DSO_up() function.
2001-09-04 20:40:41 +00:00
Bodo Möller
e4decc418a typo 2001-09-04 11:57:17 +00:00
Bodo Möller
cf5bfbfc21 Now that we have ERR_unload_strings(), ERR_load_ERR_strings() must
always load its strings because they might have been unloaded
since the 'init' flag was deleted.

But build_SYS_str_reasons() can use an 'init' flag.
2001-09-04 11:49:14 +00:00
Bodo Möller
567fef894e changing something requires a write lock, not a read lock 2001-09-04 11:15:55 +00:00
Bodo Möller
435037d4e4 OpenSSL copyright notices ... 2001-09-04 11:02:23 +00:00
Bodo Möller
c5de8996cc delete redundant ERR_load_CRYPTO_strings() prototype 2001-09-04 10:45:01 +00:00
Geoff Thorpe
2dc5383a20 This changes the existing hardware ENGINE implementations to dynamically
declare their own error strings so that they can be more easily compiled as
external shared-libraries if desired. Also, each implementation has been
given canonical "dynamic" support at the base of each file and is only
built if the ENGINE_DYNAMIC_SUPPORT symbol is defined.

Also, use "void" prototypes rather than empty prototypes in engine_int.h.

This does not yet;
  (i) remove error strings when unloading,
 (ii) remove the redundant ENGINE_R_*** codes (though ENGINE_F_*** codes
      have gone), or
(iii) provide any instructions on how to build shared-library ENGINEs or
      use them.

All are on their way.
2001-09-03 21:33:00 +00:00
Geoff Thorpe
9391f97715 This change adds a new ENGINE called "dynamic" that allows new ENGINE
implementations to be loaded from self-contained shared-libraries. It also
provides (in engine.h) definitions and macros to help implement a
self-contained ENGINE. Version control is handled in a way whereby the
loader or loadee can veto the load depending on any objections it has with
each other's declared interface level. The way this is currently
implemented assumes a veto will only take place when one side notices the
other's interface level is too *old*. If the other side is newer, it should
be assumed the newer version knows better whether to veto the load or not.
Version checking (like other "dynamic" settings) can be controlled using
the "dynamic" ENGINE's control commands. Also, the semantics for the
loading allow a shared-library ENGINE implementation to handle differing
interface levels on the fly (eg. loading secondary shared-libraries
depending on the versions required).

Code will be added soon to the existing ENGINEs to illustrate how they can
be built as external libraries rather than building statically into
libcrypto.

NB: Applications wanting to support "dynamic"-loadable ENGINEs will need to
add support for ENGINE "control commands". See apps/engine.c for an example
of this, and use "apps/openssl engine -vvvv" to test or experiment.
2001-09-03 19:15:29 +00:00
Geoff Thorpe
1738bb61e1 Add a new ERR function, "ERR_unload_strings", to complement the existing
"ERR_load_strings" function.
2001-09-03 18:24:56 +00:00
Geoff Thorpe
91b3f0e691 Correct a typo. 2001-09-03 17:24:27 +00:00
Bodo Möller
6ac4e8bd6e Rename recently introduced functions for improved code clarity:
[DR]SA_up  =>  [DR]SA_up_ref
2001-09-03 13:40:07 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Bodo Möller
931a23a5a5 rearrange #includes because trying to include <crypto/cryptodev.h>
is a bad idea if OPENSSL_OPENBSD_DEV_CRYPTO is not defined
2001-09-03 12:37:13 +00:00
Geoff Thorpe
72849dce81 Convert "max" to "mx" for variable names (brought to my attention by Steve
Henson). Also, reverse a previous change that used an implicit function
pointer cast rather than an explicit data pointer cast in the STACK cleanup
code.
2001-09-02 20:41:34 +00:00
Ben Laurie
2618893114 Make MD functions take EVP_MD_CTX * instead of void *, add copy() function. 2001-09-02 20:05:27 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
3a0799977b First step in fixing "ex_data" support. Warning: big commit log ...
Currently, this change merely addresses where ex_data indexes are stored
and managed, and thus fixes the thread-safety issues that existed at that
level. "Class" code (eg. RSA, DSA, etc) no longer store their own STACKS
and per-class index counters - all such data is stored inside ex_data.c. So
rather than passing both STACK+counter to index-management ex_data
functions, a 'class_index' is instead passed to indicate the class (eg.
CRYPTO_EX_INDEX_RSA). New classes can be dynamically registered on-the-fly
and this is also thread-safe inside ex_data.c (though whether the caller
manages the return value in a thread-safe way is not addressed).

This does not change the "get/set" functions on individual "ex_data"
structures, and so thread-safety at that level isn't (yet) assured.
Likewise, the method of getting and storing per-class indexes has not
changed, so locking may still be required at the "caller" end but is
nonetheless thread-safe inside "ex_data"'s internal implementation.
Typically this occurs when code implements a new method of some kind and
stores its own per-class index in a global variable without locking the
setting and usage of that variable. If the code in question is likely to be
used in multiple threads, locking the setting and use of that index is
still up to the code in question. Possible fixes to this are being
sketched, but definitely require more major changes to the API itself than
this change undertakes.

The underlying implementation in ex_data.c has also been modularised so
that alternative "ex_data" implementations (that control all access to
state) can be plugged in. Eg. a loaded module can have its implementation
set to that of the application loaded it - the result being that
thread-safety and consistency of "ex_data" classes and indexes can be
maintained in the same place rather than the loaded module using its own
copy of ex_data support code and state.

Due to the centralisation of "state" with this change, cleanup of all
"ex_data" state can now be performed properly. Previously all allocation of
ex_data state was guaranteed to leak - and MemCheck_off() had been used to
avoid it flagging up the memory debugging. A new function has been added to
perfrom all this cleanup, CRYPTO_cleanup_all_ex_data(). The "openssl"
command(s) have been changed to use this cleanup, as have the relevant test
programs. External application code may want to do so too - failure to
cleanup will not induce more memory leaking than was the case before, but
the memory debugging is not tricked into hiding it any more so it may
"appear" where it previously did not.
2001-09-01 19:56:46 +00:00
Geoff Thorpe
e19ea55783 Only OPENSSL_free() non-NULL pointers. 2001-09-01 18:37:17 +00:00
Ulf Möller
8716dbea40 undo, didn't work 2001-09-01 05:59:27 +00:00
Ulf Möller
e9bc66c84f *** empty log message *** 2001-09-01 05:30:45 +00:00
Ulf Möller
c078798c60 strsep implementation to allow the file to compile on non-BSD systems
Submitted by: "Brian Havard" <brianh@kheldar.apana.org.au>
2001-09-01 05:05:32 +00:00
Geoff Thorpe
3ae34e3a8c Ensure that failure to create the BIO in 'CRYPTO_mem_leaks_fp' doesn't
leave memory debugging turned off.
[Spotted by Götz Babin-Ebell]
2001-08-28 15:54:57 +00:00
Ben Laurie
1f3b65801b Fix SSL memory leak. 2001-08-28 13:45:41 +00:00
Geoff Thorpe
5e2c4e23f4 Make sure "CRYPTO_mem_leaks_fp" doesn't itself create a reportable memory
leak.
2001-08-27 22:12:56 +00:00
Geoff Thorpe
35780c2139 "make update" 2001-08-26 21:06:22 +00:00
Geoff Thorpe
ceff5fec5a gcc can't spot that 'derlst' is not used uninitialised, so appease it. 2001-08-26 21:04:21 +00:00
Ben Laurie
4897dc4056 Test digests. 2001-08-26 17:09:31 +00:00
Ben Laurie
35e33f0e52 Add digests. 2001-08-26 17:09:00 +00:00
Geoff Thorpe
a844e27baa Tidy up some code formatting. 2001-08-25 18:01:36 +00:00
Geoff Thorpe
566bdf2bda This changes the "ERR" code to have all access to state (a hash table of
error strings and a hash table storing per-thread error state) go via an
ERR_FNS function table. The first time an ERR operation occurs, the
implementation that will be used (from then on) is set to the internal
"defaults" implementation if it has not already been set. The actual LHASH
tables are only accessed by this implementation.

This is primarily for modules that can be loaded at run-time and bound into
an application (or a shared-library version of OpenSSL). If the module has
its own statically-linked copy of OpenSSL code - this mechanism allows it
to *not* create and use ERR information in its own linked "ERR" code, but
instead to use and interact with the state stored in the loader
(application or shared library). The loader calls ERR_get_implementation()
and the return value is what the module should use when calling its own
copy of ERR_set_implementation().
2001-08-25 17:51:59 +00:00
Geoff Thorpe
78435364ec Changes crypto/evp/ and ssl/ code from directly incrementing reference
counts in DH, DSA, and RSA structures. Instead they use the new "***_up()"
functions that handle this.
2001-08-25 17:28:23 +00:00
Geoff Thorpe
5cbc2e8bc1 Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise,
dependant code has to directly increment the "references" value of each
such structure using the corresponding lock. Apart from code duplication,
this provided no "REF_CHECK/REF_PRINT" checking and violated
encapsulation.
2001-08-25 17:24:21 +00:00
Dr. Stephen Henson
3132ab8ce6 Add #ifdefs to some devcrypto code 2001-08-23 23:52:38 +00:00
Ben Laurie
c41ab9ade5 More tests. 2001-08-22 16:09:57 +00:00
Ben Laurie
82b2230527 Add RC4 support to OpenBSD. 2001-08-18 16:04:36 +00:00
Ben Laurie
a8a004987c Add AES tests. 2001-08-18 16:02:52 +00:00
Ben Laurie
0e36019977 Add EVP test program. 2001-08-18 13:53:01 +00:00
Ben Laurie
354c3ace73 Add first cut symmetric crypto support. 2001-08-18 10:22:54 +00:00
Dr. Stephen Henson
35bf35411c Add CRL utility functions to allow CRLs to be
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.
2001-08-17 00:33:43 +00:00
Lutz Jänicke
54fbc77dc8 Bugfixes provided by "Stephen Hinton" <shinton@netopia.com>. 2001-08-16 15:28:00 +00:00
Geoff Thorpe
6982c0da4e The indexes returned by ***_get_ex_new_index() functions are used when
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 17:14:35 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Ben Laurie
f0446ca8d7 Move CIPHER_CTX cleanups to _Final routines instead of _Init, which avoids
problems with leaks and uninitialised structures.
2001-08-11 11:32:54 +00:00
Richard Levitte
6bc847e49e Apply the Tru64 patch from Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu>
His comments are:

1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.

2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'.  The reason is that most
people these days are using the newer compiler, so it should be the default.

3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.

4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries.  This is explained in the comment in Configure.  It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.

5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.

6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.

7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.

8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
2001-08-10 15:26:21 +00:00
Bodo Möller
e51d1321fc More typedef'd struct names as search targets 2001-08-06 11:57:08 +00:00
Bodo Möller
b9fdb3eb99 Reinsert typedef'ed names for structs to help those trying to read the
sourcecode (including fgrep)
2001-08-06 11:49:31 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Ben Laurie
db75357110 Fix memory leak. 2001-08-05 16:13:49 +00:00
Ben Laurie
0713f8abe6 Parameter correction for CIOFSESSION. 2001-08-04 12:16:56 +00:00
Ben Laurie
93d9121a77 Remove extra whitespace. Sorry. 2001-08-03 21:09:21 +00:00
Ben Laurie
92dad6cc84 Reinstate accidentally deleted code. 2001-08-03 19:00:43 +00:00
Ben Laurie
61454a9f8c Get rid of the stuff we, err, got rid of. 2001-08-03 18:52:50 +00:00
Ben Laurie
bb2297a41d Header bloat reduction for EVP_PKEY. 2001-08-03 18:48:35 +00:00
Ben Laurie
1ba01caaa3 Make /dev/crypto work with new EVP structures. 2001-08-03 11:54:37 +00:00
Richard Levitte
5cd6571fae Make sure memcpy() gets properly declared by including string.h. 2001-08-03 10:54:00 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
534164ef90 Remove old unused stuff. 2001-07-31 12:03:26 +00:00
Richard Levitte
dbfc0f8c2b Vade retro C++ comments!
(Latin for "comments", anyone?)
2001-07-31 09:15:52 +00:00
Ben Laurie
05bbf78afd Remove //. 2001-07-31 06:47:23 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Ben Laurie
3ba5d1cf2e Make EVPs allocate context memory, thus making them extensible. Rationalise
DES's keyschedules.

I know these two should be separate, and I'll back out the DES changes if they
are deemed to be an error.

Note that there is a memory leak lurking in SSL somewhere in this version.
2001-07-30 17:46:22 +00:00
Andy Polyakov
6d03b73e35 Enhanced support for IA-64 Linux and HP-UX (as well as better support for
HP-UX in common in ./config). Note that for the moment of this writing
none of 64-bit platforms pass bntest. I'm committing this anyway as it's
too frustrating to patch snapshots over and over while 0.9.6 is known to
work.
2001-07-30 16:42:15 +00:00
Andy Polyakov
622d3d3592 Support for Intel and HP-UXi assemblers. 2001-07-30 15:54:13 +00:00
Ben Laurie
0e06354402 ANSIfication. 2001-07-30 15:33:46 +00:00
Lutz Jänicke
db089ad60d Don't miss files... 2001-07-30 11:50:37 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Bodo Möller
de3333bae4 length of secret exponent is needed only when we create one 2001-07-27 22:45:35 +00:00
Bodo Möller
924875e53b Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:25 +00:00
Lutz Jänicke
3a64458217 Another uninitialized static that may lead to problems on Solaris under some
circumstances.
2001-07-27 12:35:27 +00:00
Richard Levitte
ea71c22731 Addapt VMS script to the latest changes in the makefiles. 2001-07-27 07:47:51 +00:00
Dr. Stephen Henson
dc706cd35f Make sure *outl is always initialized in EVP_EncryptUpdate(). 2001-07-27 02:24:47 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
19da130053 First of several reorganisations to
reduce linker bloat. For example the
single line:

PEM_read_X509()

results in a binary of around 400K in Linux!

This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
2001-07-26 22:34:45 +00:00
Lutz Jänicke
a75b191502 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:02:44 +00:00
Bodo Möller
e5cb260365 DH key generation should not use a do ... while loop,
or bogus DH parameters can be used for launching DOS attacks
2001-07-25 17:48:51 +00:00
Bodo Möller
6aecef815c Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:34 +00:00
Bodo Möller
daba492c3a md_rand.c thread safety 2001-07-25 17:17:24 +00:00
Bodo Möller
24cff6ced5 always reject data >= n 2001-07-25 17:02:58 +00:00
Bodo Möller
ea3b8af50a avoid warnings 2001-07-24 14:20:36 +00:00
Bodo Möller
badb910f3c Avoid race condition.
Submitted by: Travis Vitek <vitek@roguewave.com>
2001-07-24 12:31:14 +00:00
Geoff Thorpe
07ad8f5d17 Tidy up "cvs update" output a bit. 2001-07-22 23:21:33 +00:00
Richard Levitte
47c3448a97 Not all platforms have the OpenBSD crypto device. 2001-07-21 11:54:24 +00:00
Ben Laurie
c518ade1fd Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery
is available).
2001-07-21 10:24:07 +00:00
Geoff Thorpe
81d1998e09 Currently, RSA code, when using no padding scheme, simply checks that input
does not contain more bytes than the RSA modulus 'n' - it does not check
that the input is strictly *less* than 'n'. Whether this should be the
case or not is open to debate - however, due to security problems with
returning miscalculated CRT results, the 'rsa_mod_exp' implementation in
rsa_eay.c now performs a public-key exponentiation to verify the CRT result
and in the event of an error will instead recalculate and return a non-CRT
(more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent
to the mod_exp of 'I mod n', and the verify result is automatically between
0 and n-1 inclusive, the verify only matches the input if 'I' was less than
'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie.
they differ by a multiple of 'n'). Rather than rejecting correct
calculations and doing redundant and slower ones instead, this changes the
equality check in the verification code to a congruence check.
2001-07-20 15:16:10 +00:00
Dr. Stephen Henson
98fc09b18a Delete extra ; 2001-07-11 22:54:24 +00:00
Dr. Stephen Henson
192ebef8cf In ocsp_match_issuerid() we are passed the CA that signed the responder
certificate so need to match its subject with the certificate IDs in the
response.
2001-07-11 22:42:20 +00:00
Richard Levitte
26eaab0990 The implementation of the TKTBODY ASN.1 functions was missing. 2001-07-11 15:29:33 +00:00
Richard Levitte
103a434386 One forgotten function. 2001-07-11 07:10:43 +00:00
Richard Levitte
567671e291 make update 2001-07-10 21:00:37 +00:00
Richard Levitte
d8a750ee7f EVP_Digest() takes one more parameter. 2001-07-10 20:58:13 +00:00
Bodo Möller
9c10b2c8d3 For consistency with the terminology used in my SAC2001 paper, avoid
the term "simultaneous multiplication" (which -- acording to the
paper, at least -- applies only to certain methods which we don't use
here)
2001-07-10 11:41:29 +00:00
Bodo Möller
56a106115f comment change 2001-07-10 11:28:53 +00:00
Bodo Möller
e9ad0d2c31 Fix PRNG. 2001-07-10 10:49:34 +00:00
Bodo Möller
97639f0d73 In version numbers, there is just one "M" nybble. 2001-07-10 10:04:26 +00:00
Bodo Möller
e3a4f8b84c Precomputation will not necessarily be LIm-Lee precomputation. 2001-07-10 10:04:05 +00:00
Richard Levitte
2a1ef75435 Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Ben Laurie
c148d70978 A better compromise between encrypt and decrypt (but why isn't it as fast
for encrypt?).
2001-07-09 21:00:36 +00:00
Ben Laurie
7b6055d1af Handle the common case first (where input size is a multiple of block size).
Worth around 5% for encrypt. Slows down decrypt slightly, but I expect to
regain that later.
2001-07-08 19:42:10 +00:00
Ben Laurie
f31b12503e Use & instead of % - worth about 4% for 8 byte blocks. 2001-07-08 17:27:32 +00:00
Ben Laurie
0774f470d9 Correct const-ness. 2001-07-08 11:42:38 +00:00
Ben Laurie
d7a9e91688 Remove unnecessary casts. 2001-07-06 22:06:08 +00:00
Ben Laurie
601cb9be20 Constification. 2001-07-06 21:35:00 +00:00
Richard Levitte
f3229ee19a Use one address consistently. 2001-07-05 10:20:07 +00:00
Richard Levitte
219a3580b7 Change info to correct values. 2001-07-05 10:19:13 +00:00
Bodo Möller
b8e2f83ae6 Call ENGINE_cleanup() to avoid memory leak. 2001-07-04 20:55:36 +00:00
Ben Laurie
5be022712a Update nCipher header with more liberal licence. 2001-07-04 12:26:39 +00:00
Richard Levitte
72b1072fbd Let's include cryptlib.h *before* things like NO_SYSLOG are tested or
used.
2001-07-02 20:43:01 +00:00
Richard Levitte
3bfd99bfbb [Forgotten commits?]
Changes to have OpenSSL compile on OS/2.
Contributed by "Brian Havard" <brianh@kheldar.apana.org.au>
2001-07-02 20:41:05 +00:00
Richard Levitte
dc01b6b1f2 Changes to have OpenSSL compile on OS/2.
Contributed by "Brian Havard" <brianh@kheldar.apana.org.au>
2001-07-01 22:39:46 +00:00
Dr. Stephen Henson
b7a26e6daf Modify apps to use NCONF code instead of old CONF code.
Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Dr. Stephen Henson
9d2e51c199 Another empty X509_NAME fix. 2001-06-26 12:39:22 +00:00
Dr. Stephen Henson
1e325f6149 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:35 +00:00
Bodo Möller
c458a33196 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:17 +00:00
Richard Levitte
b1460627f3 Make get_ip() a bit more strict in it's parsing of IP addresses, and
at the same time a bit more accepting with host names.
2001-06-25 14:12:45 +00:00
Bodo Möller
6a184a6098 Translate into valid C (don't call functions with wrong prototypes). 2001-06-25 10:09:55 +00:00
Richard Levitte
54c7559a7e Make sure we don't return 0 on error. 2001-06-24 07:00:41 +00:00
Dr. Stephen Henson
0c9de428ae In {RSA,DSA,DH}_new_method(x) need to increase the reference
count of the ENGINE is x is not NULL since it will be freed
in {RSA,DSA,DH}_free().
2001-06-23 23:07:34 +00:00
Richard Levitte
f13def508c Use the new UI features, among others the new boolean input.
NOTE: Boolean input hasn't been very well tested yet, so this part may
fail miserably.
2001-06-23 16:46:14 +00:00
Richard Levitte
1ae6ddac91 Including stdio.h before setting _XOPEN_SOURCE and
_XOPEN_SOURCE_EXTENDED wasn't very smart...
2001-06-23 16:44:15 +00:00
Richard Levitte
55dcfa421c make update 2001-06-23 16:43:03 +00:00
Richard Levitte
b589977b9e Do not loop i the OpenSSL UI method any more. Instead, letthe
application do that.

NOTE: there's no requirement for other UI_METHODs to avoid this kind
of loop.  For example, a GUI UI_METHOD would probably check the
lengths of the answers from within instead of being constantly
redisplayed for everything that is wrong.
2001-06-23 16:25:56 +00:00
Richard Levitte
291e4a6ebe make update 2001-06-23 16:23:17 +00:00
Richard Levitte
2d2ed9dffd Implement boolean (yes/no or OK/Cancel, ...) input.
Implement UI controls.  Current controls are the possibility to output
the OpenSSL error stack on the same channel from within UI_process()
and to check if the same user interface can be redone without being
rebuilt (this is often more a question of philosophy than
technicalities).
2001-06-23 16:22:48 +00:00
Richard Levitte
8ada6e7705 New error printing function that gives the possibility to print the
errors through an arbitrary function.
2001-06-23 15:06:17 +00:00
Richard Levitte
7f657f342a Include the UI error strings. 2001-06-23 15:04:51 +00:00
Richard Levitte
20e8f0ee27 For the UI functions that return an int, 0 or any positive number is a
success return, any negative number is a failure.  Make sure we check
the return value with that in mind.
2001-06-23 14:51:53 +00:00
Dr. Stephen Henson
429266b7e4 Fix hwcrhk_insert_card. 2001-06-23 12:50:06 +00:00
Dr. Stephen Henson
54f7ebe789 In UI_dup_*() function, use the duped string, not the original. 2001-06-23 11:51:16 +00:00
Andy Polyakov
19a6e8b32c This fixes "Spurious test failures on IRIX?" reported in April. Apparently
I was wrong in conclusions about when addition starts overflowing in combaX
routines.
2001-06-22 19:17:42 +00:00
Dr. Stephen Henson
ed5538dc2b Fix memory leak when RAND is used: need to cleanup
RANDs ENGINE reference in ENGINE_cleanup().
2001-06-21 12:19:10 +00:00
Richard Levitte
eb929eef14 Since there is a way to create UI_METHODs, implement a destructor as
well.

This probably requires reference counters and locks as well.  To be
implemented later.
2001-06-20 15:00:08 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
b7fe2f9675 cp is only used when DSA is built. 2001-06-19 16:40:36 +00:00
Richard Levitte
839590f576 - Add the possibility to control engines through control names but
with arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback
  function pointer.  NOTE: this breaks binary compatibility with
  earlier versions of OpenSSL [engine].
- Addapt the nCipher code for these new conditions and add a card
  insertion callback.
2001-06-19 16:12:18 +00:00
Richard Levitte
e0a8d1f94e The default flag should be for default passwords only. Otherwise,
someone having a default that is not a password will be confused.
2001-06-19 15:54:47 +00:00
Richard Levitte
9ad0f6812f Enhance the user interface with better support for dialog box
prompting, application-defined prompts, the possibility to use
defaults (for example default passwords from somewhere else) and
interrupts/cancelations.
2001-06-19 15:52:00 +00:00
Dr. Stephen Henson
3cc1f498a1 Don't set pointer if add_lock_callback used. 2001-06-19 00:04:57 +00:00
Ben Laurie
853b1eb424 Fix a memory leak (there's another around here somewhere, though).
PR:
2001-06-17 14:42:57 +00:00
Ben Laurie
09a2615fb2 Delete a redundant line. 2001-06-16 21:51:26 +00:00
Bodo Möller
508f15cdab For MSDOS, the tty filename still is "con", not "/dev/tty" ... 2001-06-11 15:21:33 +00:00
Andy Polyakov
52c0d30078 Get rid of "possible WAW dependency" warnings.
Submitted by:
Reviewed by:
PR:
2001-06-11 12:47:52 +00:00
Bodo Möller
200bc9e3e8 Earlier OpenSSL versions printed prompts to stderr.
In the new crypto/ui/, this was changed into tty (which is usually
/dev/tty), i.e. the FILE * used for reading passwords from the user.
However stdio buffering for read/write streams is not without pitfalls
(passwords would be echoed on some systems).
To avoid problems, split tty into tty_in and tty_out (which are
opened separately).
2001-06-11 09:54:28 +00:00
Dr. Stephen Henson
76569fc662 Initialize UI ex_data. 2001-06-11 00:45:33 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Ulf Möller
0ad0eaf61c more error codes fixed 2001-06-08 14:16:39 +00:00
Lutz Jänicke
47b0f48dd9 ERR_peek_error() returns "unsigned long". 2001-06-07 17:20:50 +00:00
Richard Levitte
f420de027f Don't forget to initialise. 2001-06-06 23:12:41 +00:00
Bodo Möller
20e021bf41 when checking OAEP, signal just a single kind of 'decoding error' 2001-06-06 18:48:49 +00:00
Ulf Möller
8ca2ae775d move check to avoid memory leak. 2001-06-06 17:23:23 +00:00
Ulf Möller
ee8aa8217a make sure we don't write to seed[-1] 2001-06-06 17:17:53 +00:00
Richard Levitte
2b49dd1e8f 'make update' 2001-06-05 20:32:36 +00:00
Richard Levitte
30a54b9085 Defining __USE_XOPEN_EXTENDED was the wrong thing. Instead, define
_XOPEN_SOURCE.
2001-06-05 20:29:26 +00:00
Richard Levitte
1e7e62f8cd A good use of the UI interface is as a password callback replacement
(for new functions...).  One might still want to be able to pass down
a user-data pointer to be used by the UI.  However, ex_data doesn't
quite cut it, since that means the appropriate index to it might need
to be shared between parts that aren't really related in that sense,
and would require the currently hidden (static) index holders to be
uncovered.  Not a good thing.  Therefore, add the possibility to add a
user-data pointer to a UI.
2001-06-05 19:05:52 +00:00
Richard Levitte
20251f01ea Accept digits in symbol names. Spotted by Brian Havard <brianh@kheldar.apana.org.au> 2001-06-04 16:34:31 +00:00
Richard Levitte
1690863acc Confusion between algorithms resolved. 2001-06-01 15:30:13 +00:00
Richard Levitte
397211323c nCipher callbacks shall return 0 on success, something else otherwise. 2001-06-01 15:29:32 +00:00
Richard Levitte
a87f50fb5a Stop mishandling the type number in dynlock locking 2001-06-01 15:21:01 +00:00
Bodo Möller
be487c429e increase DEFAULT_BUFFER_SIZE (4K instead of just 1K) 2001-06-01 08:38:29 +00:00
Richard Levitte
80340f1fe9 Don't decrement the reference counter twice when destroying dynamic
links.
2001-05-31 22:25:30 +00:00
Geoff Thorpe
d918f85146 Fix a memory leak in 'sk_dup' in the case a realloc() fails. Also, tidy up
a bit of weird code in sk_new.
2001-05-31 19:01:08 +00:00
Andy Polyakov
a95541d61e Get rid of RAW dependency warnings.
Submitted by:
Reviewed by:
PR:
2001-05-30 22:01:33 +00:00
Andy Polyakov
4cb73bf8e4 Assembler support for IA-64. See the source code commentary for further
details (performance numbers and accompanying discussions:-). Note that
the code is not engaged in ./Configure yet. I'll add it later this week
along with updates for .spec file.

Submitted by:
Reviewed by:
PR:
2001-05-28 20:02:51 +00:00
Richard Levitte
6c1a3e4f58 We had the password callback for ENGINEs pretty much wrong. And
passwords that were given to the key loading functions were completely
ignored, at least in the ncipher code, and then we made the assumption
that the callback wanted a prompt as user argument.

All that is now changed, and the application author is forced to give
a callback function of type pem_callback_cb and possibly an argument
for it, just as for all other functions that want to generate password
prompting.

NOTE: this change creates binary and source incompatibilities with
previous versions of OpenSSL [engine].  It's worth it this time, to
get it right (or at least better and with a chance that it'll work).
2001-05-25 21:08:56 +00:00
Dr. Stephen Henson
76c919c1a3 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 22:58:35 +00:00
Dr. Stephen Henson
b49a5b2dc0 Fix for new UI functions under Win32.
For some unknown reason fopen("con", "w") is the
only way to make this work. Using "r+" and "w+"
causes the fopen call to fail and the fallback
(using stdin) doesn't work because writing to stdin
fails.
2001-05-17 11:47:08 +00:00
Richard Levitte
b8e35bd66e New internal function OPENSSL_gmtime, which is intended to do the same
as gmtime_r() on the systems where that is defined.
2001-05-16 08:44:09 +00:00
Lutz Jänicke
e8734731d3 Increase ENTROPY_NEEDED to support Rijndael's larger key size. 2001-05-15 16:02:35 +00:00
Richard Levitte
9e0fcabeca Do not forget to increment the pointers... 2001-05-15 15:49:54 +00:00
Richard Levitte
6482dec1bb Low-case the names of the system routines, since some versions of
DEC C only have them declared that way (it doesn't really matter,
since the linker is case-insensitive by default)
2001-05-15 05:15:47 +00:00
Richard Levitte
81b5eeed6a branch on equal is beql, not beq... 2001-05-14 22:10:09 +00:00
Richard Levitte
365359dd79 Make sure strdup() is properly declared. 2001-05-14 12:23:28 +00:00
Richard Levitte
2757be06de Make sure memset() is properly declared. 2001-05-14 12:22:58 +00:00
Richard Levitte
d0afe49d3e ui was forgotten when installing libcrypto and it's headers. 2001-05-14 12:22:27 +00:00
Richard Levitte
2643b122fc Remove the password reading objects from LIB_DES. 2001-05-14 11:59:02 +00:00
Richard Levitte
88db657ac2 Make more short aliases for symbols that are longer than 31
characters.
2001-05-14 11:58:08 +00:00
Richard Levitte
1f0af2c073 len is a size_t, which is an unsigned integer. Therefore, some
compilers will complain against the check for less than zero.
2001-05-14 11:56:47 +00:00
Richard Levitte
2ed2d1515e Use ui_compat.h to get the password reading functions. 2001-05-14 11:54:36 +00:00
Richard Levitte
bb5b16a36c Make it so the compiler doesn't inform me about the dollars in some
symbols.
2001-05-14 11:53:37 +00:00
Richard Levitte
739862384c A randomizer for OpenVMS, using the statistics that are easily
reachable.

It's completely untested for now.  To be done in the next few days.
2001-05-13 10:34:18 +00:00
Richard Levitte
0a647c2b8b Define `ok' and better error detection. 2001-05-13 05:34:39 +00:00
Richard Levitte
429e4f0de8 make update 2001-05-13 05:16:58 +00:00
Richard Levitte
299053becd des_read_password() and des_read_2passwords() can only appear if DES
is compiled.
2001-05-13 04:59:09 +00:00
Richard Levitte
56bb1a7c83 Move the password reading functions completely away from the DES
section.

Add ui_compat.h for inclusion by those who want the old functions and
provide all of them, not just the higher-level ones, in ui_compat.c.
2001-05-13 04:40:44 +00:00
Dr. Stephen Henson
d70e5100c0 #if 0 out deleted (?) functions to stop Win32 DLL
build falling over.
2001-05-13 00:33:55 +00:00
Dr. Stephen Henson
4831e626aa Change Win32 to use EXPORT_VAR_AS_FN.
Fix OPENSSL_IMPLEMENT_GLOBAL.

Allow Win32 to use EXPORT_VAR_AS_FN in mkdef.pl

make update.
2001-05-12 23:57:41 +00:00
Dr. Stephen Henson
29fb08c2de Typo. 2001-05-12 00:09:04 +00:00
Richard Levitte
7babdf2029 e_os2.h defines things like OPENSSL_SYS_MSDOS, not opensslconf.h...
(basically: whooops :-))
2001-05-11 11:20:26 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Dr. Stephen Henson
d6f188be71 Fix warning with DEBUG_SAFESTACK 2001-05-10 00:09:43 +00:00
Dr. Stephen Henson
bdee69f718 Allow various X509_STORE_CTX properties to be
inherited from X509_STORE.

Add CRL checking options to other applications.
2001-05-09 00:30:39 +00:00
Richard Levitte
f53948856e There is no uitest 2001-05-08 04:23:25 +00:00
Dr. Stephen Henson
b545dc6775 Initial CRL based revocation checking. 2001-05-07 22:52:50 +00:00
Richard Levitte
027902999e Clarify the license and copyright, make preprocessor dirctives a
little bit clearer and use the new OPENSSL_SYS_* macros.
2001-05-07 06:33:35 +00:00
Richard Levitte
9a310a5d4e make update 2001-05-06 23:51:37 +00:00
Richard Levitte
a63d5eaab2 Add a general user interface API. This is designed to replace things
like des_read_password and friends (backward compatibility functions
using this new API are provided).  The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
2001-05-06 23:19:37 +00:00
Richard Levitte
f0b54fefe9 Some platforms (most notably Windows) do not have a $HOME by default.
For those, unless the environment variables RANDFILE or HOME are
defined (the default case!), RAND_file_name() will return NULL.
This change adds a default HOME for those platforms.

To add a default HOME for any platform, just define DEFAULT_HOME in
the proper place, wrapped in appropriate #ifdef..#endif, in e_os.h.
2001-05-03 07:50:11 +00:00
Geoff Thorpe
7ae551fd03 In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the
ENGINE code does not return a default, set an error.
2001-04-30 15:24:41 +00:00
Dr. Stephen Henson
c2e45f6ddf Win32 fixes:
define LLONG properly for VC++.

stop compiler complaining about signed/unsigned mismatch in apps/engine.c
2001-04-29 16:30:59 +00:00
Geoff Thorpe
06cb0353e5 For some inexplicable reason, I'd (a) left the debugging irreversibly
turned on, and (b) left a somewhat curious debugging string in the output.
2001-04-27 00:31:21 +00:00
Geoff Thorpe
b41f836e5f Some fixes to the reference-counting in ENGINE code. First, there were a
few statements equivalent to "ENGINE_add(ENGINE_openssl())" etc. The inner
call to ENGINE_openssl() (as with other functions like it) orphans a
structural reference count. Second, the ENGINE_cleanup() function also
needs to clean up the functional reference counts held internally as the
list of "defaults" (ie. as used when RSA_new() requires an appropriate
ENGINE reference). So ENGINE_clear_defaults() was created and is called
from within ENGINE_cleanup(). Third, some of the existing code was
logically broken in its treatment of reference counts and locking (my
fault), so the necessary bits have been restructured and tidied up.

To test this stuff, compiling with ENGINE_REF_COUNT_DEBUG will cause every
reference count change (both structural and functional) to log a message to
'stderr'. Using with "openssl engine" for example shows this in action
quite well as the 'engine' sub-command cleans up after itself properly.

Also replaced some spaces with tabs.
2001-04-26 23:04:30 +00:00
Geoff Thorpe
0ce5f3e4f5 This adds 2 things to the ENGINE code.
* "ex_data" - a CRYPTO_EX_DATA structure in the ENGINE structure itself
   that allows an ENGINE to store its own information there rather than in
   global variables. It follows the declarations and implementations used
   in RSA code, for better or worse. However there's a problem when storing
   state with ENGINEs because, unlike related structure types in OpenSSL,
   there is no ENGINE-vs-ENGINE_METHOD separation. Because of what ENGINE
   is, it has method pointers as its structure elements ...  which leads
   to;

 * ENGINE_FLAGS_BY_ID_COPY - if an ENGINE should not be used just as a
   reference to an "implementation" (eg. to get to a hardware device), but
   should also be able to maintain state, then this flag can be set by the
   ENGINE implementation. The result is that any call to ENGINE_by_id()
   will not result in the existing ENGINE being returned (with its
   structural reference count incremented) but instead a new copy of the
   ENGINE will be returned that can maintain its own state independantly of
   any other copies returned in the past or future. Eg. key-generation
   might involve a series of ENGINE-specific control commands to set
   algorithms, sizes, module-keys, ids, ACLs, etc. A final command could
   generate the key. An ENGINE doing this would *have* to declare
   ENGINE_FLAGS_BY_ID_COPY so that the state of that process can be
   maintained "per-handle" and unaffected by other code having a reference
   to the same ENGINE structure.
2001-04-26 19:35:44 +00:00
Richard Levitte
a679116f6f Provide the possibility to clean up internal ENGINE structures. This
takes care of what would otherwise be seen as a memory leak.
2001-04-26 16:07:08 +00:00
Richard Levitte
3988bb34aa gcc warns when certain values of an enumeration aren't taken care of,
unless there's a default clause.
2001-04-26 15:53:42 +00:00
Richard Levitte
9e78e6c3f8 Check for OPENSSL_NO_RSA, OPENSSL_NO_DSA and OPENSSL_NO_DH and disable
appropriate code if any of them is defined.
2001-04-26 15:45:12 +00:00
Richard Levitte
3caff6092a engine.h includes all the needed header files, so don't do it again
here.
2001-04-26 15:04:22 +00:00
Richard Levitte
91dc71f98d User OPENSSL_UNISTD instead of <unistd.h>.
Spotted by Mark Crispin <MRC@Panda.COM>
2001-04-26 08:26:18 +00:00
Geoff Thorpe
b7b6c047ca This change to the "dl", "dlfcn", and "win32" DSO_METHODs adds the filename
or symbol name to the error stack in the event a load or bind operation
failed.
2001-04-25 22:40:55 +00:00
Dr. Stephen Henson
c962479bdf Fix ASN1 bug when decoding OTHER type.
Various S/MIME DSA related fixes.
2001-04-21 12:06:01 +00:00
Richard Levitte
0cd5866726 VMS was behind when it comes to OCSP. 2001-04-20 12:37:14 +00:00
Geoff Thorpe
e2f3ae1252 Some more tweaks to ENGINE code.
This change adds some basic control commands to the existing ENGINEs
(except the software 'openssl' engine). All these engines currently load
shared-libraries for hardware APIs, so they've all been given "SO_PATH"
commands that will configure the chosen ENGINE to load its shared library
from the given path. Eg. by calling;
    ENGINE_ctrl_cmd_string(e, "SO_PATH", <path>, 0).

The nCipher 'chil' ENGINE has also had "FORK_CHECK" and "THREAD_LOCKING"
commands added so these settings could be handled via application-level
configuration rather than in application source code.

Changes to "openssl engine" to test and examine these control commands will
be made shortly. It will also provide the necessary tips to application
programs wanting to support these dynamic control commands.
2001-04-19 01:45:40 +00:00
Geoff Thorpe
40fcda292f Some BIG tweaks to ENGINE code.
This change adds some new functionality to the ENGINE code and API to
make it possible for ENGINEs to describe and implement their own control
commands that can be interrogated and used by calling applications at
run-time. The source code includes numerous comments explaining how it all
works and some of the finer details. But basically, an ENGINE will normally
declare an array of ENGINE_CMD_DEFN entries in its ENGINE - and the various
new ENGINE_CTRL_*** command types take care of iterating through this list
of definitions, converting command numbers to names, command names to
numbers, getting descriptions, getting input flags, etc. These
administrative commands are handled directly in the base ENGINE code rather
than in each ENGINE's ctrl() handler, unless they specify the
ENGINE_FLAGS_MANUAL_CMD_CTRL flag (ie. if they're doing something clever or
dynamic with the command definitions).

There is also a new function, ENGINE_cmd_is_executable(), that will
determine if an ENGINE control command is of an "executable" type that
can be used in another new function, ENGINE_ctrl_cmd_string(). If not, the
control command is not supposed to be exposed out to user/config level
access - eg. it could involve the exchange of binary data, returning
results to calling code, etc etc. If the command is executable then
ENGINE_ctrl_cmd_string() can be called using a name/arg string pair. The
control command's input flags will be used to determine necessary
conversions before the control command is called, and commands of this
form will always return zero or one (failure or success, respectively).
This is set up so that arbitrary applications can support control commands
in a consistent way so that tweaking particular ENGINE behaviour is
specific to the ENGINE and the host environment, and independant of the
application or OpenSSL.

Some code demonstrating this stuff in action will applied shortly to the
various ENGINE implementations, as well as "openssl engine" support for
executing arbitrary control commands before and/or after initialising
various ENGINEs.
2001-04-19 00:41:55 +00:00
Geoff Thorpe
59bc3126c5 Some more tweaks to ENGINE code.
The existing ENGINEs (including the default 'openssl' software engine) were
static, declared inside the source file for each engine implementation. The
reason this was not going boom was that all the ENGINEs had reference
counts that never hit zero (once linked into the internal list, each would
always have at least 1 lasting structural reference).

To fix this so it will stay standing when an "unload" function is added to
match ENGINE_load_builtin_engines(), the "constructor" functions for each
ENGINE implementation have been changed to dynamically allocate and
construct their own ENGINEs using API functions. The other benefit of this
is that no ENGINE implementation has to include the internal "engine_int.h"
header file any more.
2001-04-18 21:46:00 +00:00
Bodo Möller
6e6d04e29a fix md_rand.c locking bugs 2001-04-18 15:07:35 +00:00
Geoff Thorpe
48ff225300 Make the shared library name and function symbol for the "nuron" ENGINE
static data where they could be parameterised by ctrl() commands.
2001-04-18 04:47:01 +00:00
Geoff Thorpe
a4a9d97a3e Some more tweaks from ENGINE code.
Previously RAND_get_rand_method was returning a non-const pointer, but it
should be const. As with all other such cases, METHOD pointers are stored and
returned as "const". The only methods one should be able to alter are methods
"local" to the relevant code, in which case a non-const handle to the methods
should already exist.

This change has been forced by the constifying of the ENGINE code (before
which RAND_METHOD was the only method pointer in an ENGINE structure that was
not constant).
2001-04-18 04:18:16 +00:00
Geoff Thorpe
404f952aa3 Some more tweaks to ENGINE code.
ENGINE handler functions should take the ENGINE structure as a parameter -
this is because ENGINE structures can be copied, and like other
structure/method setups in OpenSSL, it should be possible for init(),
finish(), ctrl(), etc to adjust state inside the ENGINE structures rather
than globally. This commit includes the dependant changes in the ENGINE
implementations.
2001-04-18 03:57:05 +00:00
Geoff Thorpe
dcd87618ab Some more tweaks to ENGINE code.
Previous changes permanently removed the commented-out old code for where
it was possible to create and use an ENGINE statically, and this code gets
rid of the ENGINE_FLAGS_MALLOCED flag that supported the distinction with
dynamically allocated ENGINEs. It also moves the area for ENGINE_FLAGS_***
values from engine_int.h to engine.h - because it should be possible to
declare ENGINEs just from declarations in exported headers.
2001-04-18 03:03:16 +00:00
Geoff Thorpe
d54bf14559 Some more tweaks to ENGINE code.
* Constify the get/set functions, and add some that functions were missing.

* Add a new 'ENGINE_cpy()' function that will produce a new ENGINE based
  copied from an original (except for the references, ie. the new copy will
  be like an ENGINE returned from 'ENGINE_new()' - a structural reference).

* Removed the "null parameter" checking in the get/set functions - it is
  legitimate to set NULL values as a way of *changing* an ENGINE (ie.
  removing a handler that previously existed). Also, passing a NULL pointer
  for an ENGINE is obviously wrong for these functions, so don't bother
  checking for it. The result is a number of error codes and strings could
  be removed.
2001-04-18 02:01:36 +00:00
Geoff Thorpe
ea3a429efe Structural references should never be decremented directly - so leave that
to ENGINE_free(). Also, remove "#if 0" code that has no useful future.
2001-04-18 01:07:28 +00:00
Geoff Thorpe
e3f1223fe4 This moves string constants out of vendor headers and into C files. 2001-04-18 00:43:23 +00:00
Geoff Thorpe
7ef6e3fe2f 'make update' 2001-04-17 23:53:58 +00:00
Ben Laurie
4f19a0672b Fix warning. 2001-04-16 03:00:57 +00:00
Lutz Jänicke
854e076df8 Constify (Jason Molenda <jason@molenda.com>) 2001-04-14 14:50:02 +00:00
Richard Levitte
c9fd77e9dd Make it possible to move the emailAddress object to the subjectAltName
extension instead of just copying it.  That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
2001-04-11 12:55:06 +00:00
Bodo Möller
1f224bf029 Adjust BN_mod_inverse algorithm selection according to experiments on
Ultra-Sparcs (both 32-bit and 64-bit compilations)
2001-04-09 09:28:24 +00:00
Bodo Möller
ac0f1d0b14 comment 2001-04-08 18:47:23 +00:00
Bodo Möller
124d8cf701 code documentation 2001-04-08 18:41:35 +00:00
Bodo Möller
7d0d0996aa binary algorithm for modular inversion 2001-04-08 18:23:44 +00:00
Richard Levitte
77dd9c1850 Add the possibility to have AES removed in Windows as well.
Spotted by Harald Koch <chk@pobox.com>
2001-04-08 04:35:58 +00:00
Bodo Möller
83d968df60 Don't use 'tt' uninitialized when reporting an error
(we don't have an ASN1_TEMPLATE to complain about at this stage,
so  errtt == NULL  should be OK)
2001-04-05 11:40:16 +00:00
Richard Levitte
4ac881ede3 Fix couple of memory leaks in PKCS7_dataDecode().
(provided by Stephen)
2001-04-05 10:19:12 +00:00
Richard Levitte
26c7750827 Since vms.mar handles 32-bit integers, do not use it on Alpha, that's
just a slowdown.
2001-04-04 13:52:56 +00:00
Bodo Möller
413a4a0461 Fix warnings. 2001-04-03 14:03:47 +00:00
Bodo Möller
a95d2c5133 Make sure OPENSSL_SYS_... is defined when we need it. 2001-04-03 14:03:19 +00:00
Richard Levitte
4e2a08ddd4 Plug a memory leak. Spotted by "Shijin" <shijin@comex.com> 2001-04-03 09:42:36 +00:00
Richard Levitte
e56b54a376 libfisdef.h and LIB do not exist on older VMS versions 2001-04-03 08:31:39 +00:00
Geoff Thorpe
69443d0da0 ENGINE_load_[private|public]_key had error handling that could return
without releasing a lock. This is the same fix as applied to
OpenSSL-engine-0_9_6-stable, minus the ENGINE_ctrl() change - the HEAD
already had that fixed.
2001-04-02 17:47:16 +00:00
Geoff Thorpe
e4dc18d7e5 Actually there were two error cases that could return without releasing the
lock - stupidly, my last change addressed only one of them.
2001-04-02 17:21:36 +00:00
Geoff Thorpe
3f86a2b147 Don't return an error until the global lock is released. 2001-04-02 17:06:36 +00:00
Dr. Stephen Henson
722ca2781c Rewrite CHOICE field setting code to properly handle
combine in CHOICE options.

This was causing d2i_DSAPublicKey() to misbehave.
2001-04-02 00:59:19 +00:00
Richard Levitte
9946491fcc Complete the des_encrypt to des_encrypt1 rename in the main
development line as well.
2001-03-30 07:26:54 +00:00
Richard Levitte
ae6dfff5bf One des_encrypt to des_encrypt1 I forgot to commit... 2001-03-29 20:30:23 +00:00
Richard Levitte
080b8cadfa Since there has been reports of clashes between OpenSSL's
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
2001-03-29 07:45:37 +00:00
Ulf Möller
7d7672f119 check CRT 2001-03-28 05:10:38 +00:00
Ulf Möller
6a5b52efa0 check CRT 2001-03-28 04:56:58 +00:00
Andy Polyakov
500230ee94 The IRIX fix. Asm recap and corresponding declation.
Submitted by:
Reviewed by:
PR:
2001-03-27 22:30:46 +00:00
Richard Levitte
347177e052 Include bn.h so we get BN_LLONG properly defined. Otherwise, we can forget things like %lld 2001-03-27 18:34:04 +00:00
Richard Levitte
812cb5638c make update 2001-03-24 12:39:59 +00:00
Richard Levitte
5238fccc15 Use stdlib.h to get size_t. 2001-03-21 18:43:12 +00:00
Richard Levitte
8a2908a24a Since they aren't implemented yet, EC_GFp_{recp,nist}_method() need to
be "#if 0"'d, or they will (re)appear as existing functions in
util/libeay.num.
2001-03-21 12:34:34 +00:00
Richard Levitte
271da5a2e0 avoid linking problems when OpenSSL is built with no-dsa. Spotted by Hellan,Kim KHE <khe@kmd.dk> 2001-03-20 15:36:59 +00:00
Bodo Möller
26fbabf3d1 Increase boundaries in EC_window_bits_for_scalar_size table. 2001-03-20 11:16:12 +00:00
Bodo Möller
37cdcb4d8a Table for window sizes. 2001-03-19 22:38:24 +00:00
Richard Levitte
8bf49ea170 New cofiguration for Unixwre and SCO,with slightly better granularity. Contributed by Tim Rice <tim@multitalents.net> 2001-03-18 14:25:01 +00:00
Dr. Stephen Henson
02ee8626fb Fix PKCS#12 key generation bug. 2001-03-18 02:11:42 +00:00
Dr. Stephen Henson
535d79da63 Overhaul the display of certificate details in
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.

This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
2001-03-15 19:13:40 +00:00
Bodo Möller
4f69172d25 Completely remove mont2 stuff.
It does not appear to be faster than the current Montgomery code
except for very small moduli (somewhere between 192 and 224 bits
in a 64-bit Sun environment, and even less than 192 bits
on 32 bit systems).
2001-03-15 18:17:40 +00:00
Bodo Möller
63c43dcc59 avoid infinite loop 2001-03-15 11:31:37 +00:00
Bodo Möller
8562801137 error codes are longs, not ints 2001-03-15 11:30:55 +00:00
Bodo Möller
5d8094143e More error_data memory leaks 2001-03-15 11:30:10 +00:00
Dr. Stephen Henson
0a3ea5d34a Document the -certopt option to the x509 utility.
Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
2001-03-15 01:15:54 +00:00
Bodo Möller
a5e4c0bb9e The former ULTRASPARC preprocessor symbol is now called
OPENSSL_SYSNAME_ULTRASPARC, so we'd better check for that one
2001-03-14 14:02:10 +00:00
Richard Levitte
37a92e9ce4 make update. 2001-03-13 21:47:23 +00:00
Bodo Möller
d3ee37c5d9 Use err_clear_data macro 2001-03-13 07:02:59 +00:00
Bodo Möller
f51cf14b85 fix memory leak in err.c 2001-03-12 18:07:20 +00:00
Bodo Möller
194dd04699 Rename function EC_GROUP_precompute to EC_GROUP_precompute_mult,
which indicate its purpose more clearly.
2001-03-12 07:26:23 +00:00
Bodo Möller
14f7ee4916 Add various X9.62 OIDs. (GF(2^n) mostly left out.) 2001-03-11 21:54:51 +00:00
Bodo Möller
5b054c6955 EC_METHOD based on bn_mont2 (not used in the library) 2001-03-11 17:43:07 +00:00
Bodo Möller
10654d3a74 Forcibly enable memory leak checking during "make test" 2001-03-11 14:49:46 +00:00
Bodo Möller
6017e604f8 Timings are not supposed to be enabled by default ... 2001-03-11 12:30:52 +00:00
Bodo Möller
3837491174 Add functions EC_POINT_mul and EC_GROUP_precompute.
The latter does nothing for now, but its existence means
that applications can request precomputation when appropriate.
2001-03-11 12:27:24 +00:00
Bodo Möller
86a921af06 handle negative scalars correctly when doing point multiplication 2001-03-11 08:44:50 +00:00
Bodo Möller
616df35633 use fflush 2001-03-11 08:27:11 +00:00
Bodo Möller
e44fcedadf Change timing output: We don't have "exponents" here, curves are
considered additive
2001-03-10 23:49:06 +00:00
Bodo Möller
6f8f443170 comment and error code update 2001-03-10 23:37:52 +00:00
Bodo Möller
d18af3f37e Remove files from Lenka's EC implementation. 2001-03-10 23:26:41 +00:00
Bodo Möller
48fe4d6233 More EC stuff, including EC_POINTs_mul() for simultaneous scalar
multiplication of an arbitrary number of points.
2001-03-10 23:18:35 +00:00
Dr. Stephen Henson
24a93e6cdd In crypto/ec #if 0 out structures which reference (currently)
non existent functions because this breaks shared libraries.
2001-03-10 12:37:01 +00:00
Dr. Stephen Henson
40e15f9d78 Typo. 2001-03-10 01:57:38 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Dr. Stephen Henson
1358835050 Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.
2001-03-09 02:51:02 +00:00
Richard Levitte
754d494bef Bug fixes. 2001-03-09 01:13:23 +00:00
Bodo Möller
42909e3968 Fix ec_GFp_simple_cmp.
Use example group from Annex I of X9.62 in ectest.c.
2001-03-08 22:52:49 +00:00
Bodo Möller
156e85578d Implement EC_GFp_mont_method. 2001-03-08 20:55:16 +00:00
Bodo Möller
b28ec12420 Fixes to make 'no-ec' work (it should not turn 'objects' into 'objts' for example) 2001-03-08 19:34:14 +00:00
Bodo Möller
bb62a8b0c5 More method functions for elliptic curves,
and an ectest.c that actually tests something.
2001-03-08 19:14:52 +00:00
Richard Levitte
0e99546424 Some EC function names are really long. Make aliases for VMS on VAX. 2001-03-08 17:20:31 +00:00
Bodo Möller
ff612904d2 Comment 2001-03-08 16:53:30 +00:00
Ulf Möller
429cf462d0 old MSVC versions don't have rdtsc
use _emit instead

Pointed out by Jeremy Cooper <jeremy@baymoo.org>
2001-03-08 16:46:23 +00:00
Bodo Möller
c62b26fdc6 Hide BN_CTX structure details.
Incease the number of BIGNUMs in a BN_CTX.
2001-03-08 15:56:15 +00:00
Richard Levitte
e0a9ba9c3c VMS catches up on the EC modifications. 2001-03-08 14:40:20 +00:00
Dr. Stephen Henson
2dc769a1c1 Make EVP_Digest*() routines return a value.
TODO: update docs, and make soe other routines
which use EVP_Digest*() check return codes.
2001-03-08 14:04:22 +00:00
Bodo Möller
4f98cbabde avoid compiler warning 2001-03-08 14:02:28 +00:00
Bodo Möller
98499135d7 Constify BN_value_one. 2001-03-08 13:58:09 +00:00
Bodo Möller
3285076c8e Integrate ec_err.[co].
"make depend"
2001-03-08 12:30:12 +00:00
Bodo Möller
de10f6900d Sort openssl.ec, the configuration file for mkerr.pl.
Change mkerr.pl so that it puts the ERR_load_..._strings()
prototype in header files that it writes.
2001-03-08 12:14:25 +00:00
Bodo Möller
adfe54b7be Integrate ectest.c (which does not yet do anything). 2001-03-08 11:59:48 +00:00
Bodo Möller
b576337e8b Order ERR_load_... calls like the stuff in err.h. 2001-03-08 11:59:03 +00:00
Bodo Möller
4de633dd5f Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection.
(It cannot possibly help to avoid duplicate 'name of file' strings
in object files because the preprocessor does not work at object file
level.)
2001-03-08 11:45:44 +00:00
Bodo Möller
91f29a38a0 Let EC_POINT_copy do nothing if dest==src 2001-03-08 11:18:06 +00:00